author | Asha Akkiangady <aakkiang@redhat.com> | 2015-06-22 11:42:01 -0400 |
---|---|---|
committer | Asha Akkiangady <aakkiang@redhat.com> | 2015-06-22 11:45:27 -0400 |
commit | 2ed9c07b76e7318e924fbe11075730d7512660a1 (patch) | |
tree | 5f863aa9871cb3cfec483329322fe84a3d9c935c /tests/dogtag | |
parent | e46e32806f91a36b4ffdebbf9a0f658e58e7c563 (diff) | |
Created tests for pki kra-user, ocsp-user,
tks-user and tps-user.
Fixed pki user tests syntax errors.
Diffstat (limited to 'tests/dogtag')
59 files changed, 45119 insertions, 34 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 3a1847b85..101c384d0 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -119,18 +119,18 @@ build: $(BUILT_FILES)
 chmod a+x ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
 chmod a+x ./acceptance/cli-tests/pki-tests-setup/cleanup-role-users.sh
 #user KRA
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
- chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh
 #user OCSP
 chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
 chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
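Review bot: Under `#user KRA` the twelve added `chmod a+x` lines name `pki-user-cli/ocsp/*-ocsp.sh`, which the unchanged `#user OCSP` block directly below already covers, while the `pki-user-cli/kra/*-kra.sh` entries are removed, so the `build` target no longer sets the execute bit on the KRA scripts. The hunk at -185,12 shows the same pattern: `#KRA user` is filled with the `pki-ocsp-user-cli` list, that list is repeated under the new `#OCSP user` heading, and no `pki-kra-user-cli` script is listed even though this commit adds `pki-kra-user-cli-kra-user-add.sh`. This looks like a copy-and-paste slip; the KRA blocks should name the KRA scripts, for example `chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-add.sh`. The new script is committed with mode 100755, so a plain git checkout may hide the problem; whether other packaging paths depend on these chmod lines is not visible from this hunk.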
@@ -185,12 +185,61 @@ build: $(BUILT_FILES)
 chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh
 chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh
 #KRA user
- chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh
- chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh
- chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh
- chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh
- chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh
- chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-delete.sh
+ #OCSP user
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-delete.sh
+ #TKS user
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-delete.sh
+ #TPS user
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-delete.sh
 #cert CA
 chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert.sh
 chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-show.sh
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-add.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-add.sh
new file mode 100755
index 000000000..466b28ff8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-add.sh 
@@ -0,0 +1,1453 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI kra-user-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-kra-user-add Add users to pki KRA subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +#create_role_users.sh should be first executed prior to pki-user-cli-kra-user-add-kra.sh +######################################################################## +run_pki-kra-user-cli-kra-user-add_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + # Creating Temporary Directory for pki user-kra + rlPhaseStartSetup "pki kra-user Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + kra_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$KRA_INST + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=KRA3 + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + if [ "$kra_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_kra_user_cli-configtest: pki kra-user --help configuration test" + rlRun "pki kra-user --help > $TmpDir/pki_kra_user_cfg.out 2>&1" \ + 0 \ + "pki kra-user --help" + rlAssertGrep "kra-user-find Find users" "$TmpDir/pki_kra_user_cfg.out" + rlAssertGrep "kra-user-show Show user" "$TmpDir/pki_kra_user_cfg.out" + rlAssertGrep "kra-user-add Add user" "$TmpDir/pki_kra_user_cfg.out" + rlAssertGrep "kra-user-mod Modify user" "$TmpDir/pki_kra_user_cfg.out" + rlAssertGrep "kra-user-del Remove user" "$TmpDir/pki_kra_user_cfg.out" + rlAssertGrep "kra-user-cert User certificate management commands" "$TmpDir/pki_kra_user_cfg.out" + rlAssertGrep "kra-user-membership User membership management commands" 
"$TmpDir/pki_kra_user_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_user_add-configtest: pki kra-user-add configuration test" + rlRun "pki kra-user-add --help > $TmpDir/pki_kra_user_add_cfg.out 2>&1" \ + 0 \ + "pki kra-user-add --help" + rlAssertGrep "usage: kra-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--email <email> Email" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--password <password> Password" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--state <state> State" "$TmpDir/pki_kra_user_add_cfg.out" + rlAssertGrep "\--type <type> Type" "$TmpDir/pki_kra_user_add_cfg.out" + rlPhaseEnd + + ##### Tests to add KRA users using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-001: Add a user to KRA using KRA_adminV" + user1=kra_agent2 + user1fullname="Test kra_agent" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-001.out" 0 "Add user $user1 to KRA_adminV" + rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-kra-user-add-001.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-add-001.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-002:maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | 
grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlLog "user2=$user2" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test \"$user2\" > $TmpDir/pki-kra-user-add-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + actual_userid_string=`cat $TmpDir/pki-kra-user-add-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-003:User id with # character" + user3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test $user3 > $TmpDir/pki-kra-user-add-001_2.out" \ + 0 \ + "Added user using ${prefix}_adminV, user id with # character" + rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-kra-user-add-001_2.out" + rlAssertGrep "User ID: $user3" "$TmpDir/pki-kra-user-add-001_2.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-004:User id with $ character" + user4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test $user4 > $TmpDir/pki-kra-user-add-001_3.out" \ + 0 \ + "Added user using ${prefix}_adminV, user id with $ character" + rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-kra-user-add-001_3.out" + rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-kra-user-add-001_3.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_3.out" + 
rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-005:User id with @ character" + user5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test $user5 > $TmpDir/pki-kra-user-add-001_4.out " \ + 0 \ + "Added user using ${prefix}_adminV, user id with @ character" + rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-kra-user-add-001_4.out" + rlAssertGrep "User ID: $user5" "$TmpDir/pki-kra-user-add-001_4.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-006:User id with ? character" + user6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test $user6 > $TmpDir/pki-kra-user-add-001_5.out " \ + 0 \ + "Added user using ${prefix}_adminV, user id with ? 
character" + rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-kra-user-add-001_5.out" + rlAssertGrep "User ID: $user6" "$TmpDir/pki-kra-user-add-001_5.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-007:User id as 0" + user7=0 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test $user7 > $TmpDir/pki-kra-user-add-001_6.out " \ + 0 \ + "Added user using ${prefix}_adminV, user id 0" + rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-kra-user-add-001_6.out" + rlAssertGrep "User ID: $user7" "$TmpDir/pki-kra-user-add-001_6.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-008:--email with maximum length" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-kra-user-add-001_7.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length" + rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-kra-user-add-001_7.out" + rlAssertGrep "User ID: u1" "$TmpDir/pki-kra-user-add-001_7.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_7.out" + actual_email_string=`cat $TmpDir/pki-kra-user-add-001_7.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-009:--email with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + email=$(openssl rand -base64 
30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + email=$email$specialcharacters + rlLog "email=$email" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --email='$email' u2 > $TmpDir/pki-kra-user-add-001_8.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length and character symbols in it" + rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-kra-user-add-001_8.out" + rlAssertGrep "User ID: u2" "$TmpDir/pki-kra-user-add-001_8.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_8.out" + actual_email_string=`cat $TmpDir/pki-kra-user-add-001_8.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-010:--email with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --email=# u3 > $TmpDir/pki-kra-user-add-001_9.out" \ + 0 \ + "Added user using ${prefix}_adminV with --email # character" + rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-kra-user-add-001_9.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-kra-user-add-001_9.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_9.out" + rlAssertGrep "Email: #" "$TmpDir/pki-kra-user-add-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-011:--email with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --email=* u4 > $TmpDir/pki-kra-user-add-001_10.out" \ + 0 \ + "Added user using 
${prefix}_adminV with --email * character" + rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-kra-user-add-001_10.out" + rlAssertGrep "User ID: u4" "$TmpDir/pki-kra-user-add-001_10.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_10.out" + rlAssertGrep "Email: *" "$TmpDir/pki-kra-user-add-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-012:--email with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --email=$ u5 > $TmpDir/pki-kra-user-add-001_11.out" \ + 0 \ + "Added user using ${prefix}_adminV with --email $ character" + rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-kra-user-add-001_11.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-kra-user-add-001_11.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_11.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-kra-user-add-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-013:--email as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --email=0 u6 > $TmpDir/pki-kra-user-add-001_12.out " \ + 0 \ + "Added user using ${prefix}_adminV with --email 0" + rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-kra-user-add-001_12.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-kra-user-add-001_12.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_12.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-kra-user-add-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-014:--state with maximum length" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-kra-user-add-001_13.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --state length" + rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-kra-user-add-001_13.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-kra-user-add-001_13.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_13.out" + actual_state_string=`cat $TmpDir/pki-kra-user-add-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-kra-user-add-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-kra-user-add-001_13.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-015:--state with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + state=$state$specialcharacters + rlLog "state=$state" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --state='$state' u8 > $TmpDir/pki-kra-user-add-001_14.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --state length and character symbols in it" + rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-kra-user-add-001_14.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-kra-user-add-001_14.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_14.out" + actual_state_string=`cat $TmpDir/pki-kra-user-add-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-kra-user-add-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-kra-user-add-001_14.out" + fi + rlPhaseEnd + + 
rlPhaseStartTest "pki_kra_user_cli_kra_user_add-016:--state with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --state=# u9 > $TmpDir/pki-kra-user-add-001_15.out" \ + 0 \ + "Added user using ${prefix}_adminV with --state # character" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-kra-user-add-001_15.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-user-add-001_15.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_15.out" + rlAssertGrep "State: #" "$TmpDir/pki-kra-user-add-001_15.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-017:--state with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --state=* u10 > $TmpDir/pki-kra-user-add-001_16.out" \ + 0 \ + "Added user using ${prefix}_adminV with --state * character" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-kra-user-add-001_16.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-user-add-001_16.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_16.out" + rlAssertGrep "State: *" "$TmpDir/pki-kra-user-add-001_16.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-018:--state with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --state=$ u11 > $TmpDir/pki-kra-user-add-001_17.out" \ + 0 \ + "Added user using ${prefix}_adminV with --state $ character" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-kra-user-add-001_17.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-user-add-001_17.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_17.out" + rlAssertGrep "State: \\$" 
"$TmpDir/pki-kra-user-add-001_17.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-019:--state as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --state=0 u12 > $TmpDir/pki-kra-user-add-001_18.out " \ + 0 \ + "Added user using ${prefix}_adminV with --state 0" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-kra-user-add-001_18.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-user-add-001_18.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_18.out" + rlAssertGrep "State: 0" "$TmpDir/pki-kra-user-add-001_18.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-020:--phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-kra-user-add-001_19.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --phone length" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-kra-user-add-001_19.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-user-add-001_19.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-add-001_19.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_add-021:--phone with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + phone=$state$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ 
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-kra-user-add-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-kra-user-add-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-kra-user-add-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-022:--phone with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone=# usr2 > $TmpDir/pki-kra-user-add-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-kra-user-add-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-kra-user-add-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-023:--phone with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone=* usr3 > $TmpDir/pki-kra-user-add-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-kra-user-add-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-kra-user-add-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-024:--phone with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-kra-user-add-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-kra-user-add-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-kra-user-add-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-025:--phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-kra-user-add-001_24.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-kra-user-add-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-kra-user-add-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-kra-user-add-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-026:--type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-kra-user-add-001_25.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-kra-user-add-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-kra-user-add-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-kra-user-add-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-027:--type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-kra-user-add-001_26.out" \
+ 0 \
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-kra-user-add-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-add-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-kra-user-add-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-028:--type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-kra-user-add-001_27.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-kra-user-add-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-kra-user-add-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-kra-user-add-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-029:--type Subsytem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-kra-user-add-001_28.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+
rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-kra-user-add-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-kra-user-add-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_28.out"
+ rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-kra-user-add-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-030:--type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-kra-user-add-001_29.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-kra-user-add-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-kra-user-add-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-kra-user-add-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-031:--type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-kra-user-add-001_30.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-kra-user-add-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-user-add-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-kra-user-add-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-032:--type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-kra-user-add-001_31.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-kra-user-add-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-kra-user-add-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-kra-user-add-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-033:--type Dummy Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-kra-user-add-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-kra-user-add-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-kra-user-add-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-kra-user-add-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-kra-user-add-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-kra-user-add-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-034: Add a duplicate user to KRA"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"New user\" $user1 > $TmpDir/pki-kra-user-add-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-kra-user-add-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-036: Add a user -- missing required option user id"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" > $TmpDir/pki-kra-user-add-004.out" \
+ 255 \
+ "Add user -- missing required option user id"
+ rlAssertGrep "usage: kra-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-kra-user-add-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-037: Add a user -- missing required option --fullName"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add $user1 > $TmpDir/pki-kra-user-add-005.out 2>&1"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-038: Add a user -- all options provided"
+ email="kra_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password
$user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23 > $TmpDir/pki-kra-user-add-006_1.out" \
+ 0 \
+ "Add user u23 to KRA -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-add-006_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-039: Add user to multiple groups"
+ user=u24
+ userfullname="Multiple Group User"
+ email="multiplegroup@myemail.com"
+ user_password="admin2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$userfullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ $user > $TmpDir/pki-kra-user-add-006.out " \
+ 0 \
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-kra-user-add-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-add-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-kra-user-add-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-add-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-add-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-add-006.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-add Administrators $user > $TmpDir/pki-kra-user-add-007_1.out" \
+ 0 \
+ "Add user $user to Administrators group"
+
+
rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-kra-user-add-007_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-kra-user-add-007_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-find Administrators > $TmpDir/pki-kra-user-add-007.out" \
+ 0 \
+ "Show pki group-member-find Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-add \"Data Recovery Manager Agents\" $user > $TmpDir/pki-kra-user-add-007_1_1.out" \
+ 0 \
+ "Add user $user to Data Recovery Manager Agents group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-kra-user-add-007_1_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-kra-user-add-007_1_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-find \"Data Recovery Manager Agents\" > $TmpDir/pki-kra-user-add-007_2.out" \
+ 0 \
+ "Show pki group-member-find Data Recovery Manager Agents"
+
+ rlAssertGrep "User: $user" "$TmpDir/pki-kra-user-add-007_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-040: Add user with --password less than 8 characters"
+ userpw="pass"
+ expmsg="PKIException: The password must be at least 8 characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-kra-user-add-008.out 2>&1" \
+ 255 \
+ "Add a user --must be at least 8 characters --password"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-kra-user-add-008.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using revoked cert#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-041: Should not be able to add user using a revoked cert KRA_adminR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-add-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-042: Should not be able to add user using a agent with revoked cert KRA_agentR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-add-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using an agent user#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-043: Should not be able to add user using a valid agent KRA_agentV user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-add-agentV-002.out"
+
rlPhaseEnd
+
+ ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-044: Should not be able to add user using a KRA_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-add-agentUTCA-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using expired cert#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-045: Should not be able to add user using admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-add-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-add-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-046: Should not be able to add user using KRA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-kra-user-add-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-add-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add users using audit users#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-047: Should not be able to add user using a KRA_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-add-auditV-002.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-048: Should not be able to add user using a
KRA_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-add-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-049: Should not be able to add user using a cert created from a untrusted KRA KRA_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-kra-user-add-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-add-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test \"$user_length_exceed_max\" >
$TmpDir/pki-kra-user-add-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-kra-user-add-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-add-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-051: fullname with i18n characters"
+ rlLog "kra-user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-kra-user-add-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-kra-user-add-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-kra-user-add-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-kra-user-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-052: fullname with i18n characters"
+ rlLog "kra-user-add fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='Éric Têko' u27 > $TmpDir/pki-kra-user-add-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-kra-user-add-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-kra-user-add-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-kra-user-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-053: fullname with i18n characters"
+ rlLog "kra-user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-kra-user-add-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-kra-user-add-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-kra-user-add-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-kra-user-add-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u28 > $TmpDir/pki-kra-user-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-kra-user-add-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-kra-user-add-001_53_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-054: fullname with i18n characters"
+ rlLog "kra-user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-kra-user-add-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-kra-user-add-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-kra-user-add-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u29 > $TmpDir/pki-kra-user-add-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-kra-user-add-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-kra-user-add-001_54_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-055: fullname with i18n characters"
+ rlLog "kra-user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-kra-user-add-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-kra-user-add-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-kra-user-add-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u30 > $TmpDir/pki-kra-user-add-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-kra-user-add-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-kra-user-add-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-056: user id with i18n characters"
+ rlLog "kra-user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-057: userid with i18n characters"
+ rlLog "kra-user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-058: email address with i18n characters"
+ rlLog "kra-user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-059: email address with i18n characters"
+ rlLog "kra-user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="IncorrectPasswordException: Incorrect client
security database password."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-060: password with i18n characters"
+ rlLog "kra-user-add password šimtaskolmkümmend with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-kra-user-add-001_60.out 2>&1" \
+ 0 \
+ "Adding password šimtaskolmkümmend with i18n characters"
+ rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-kra-user-add-001_60.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u31 > $TmpDir/pki-kra-user-add-001_60_2.out" \
+ 0 \
+ "Show user u31 with password šimtaskolmkümmend in i18n characters"
+ rlAssertGrep "User \"u31\"" "$TmpDir/pki-kra-user-add-001_60_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-061: password with i18n characters"
+ rlLog "kra-user-add password двадцяттридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-kra-user-add-001_61.out 2>&1" \
+ 0 \
+ "Adding password двадцяттридцять with i18n characters"
+ rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-kra-user-add-001_61.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u32 >
$TmpDir/pki-kra-user-add-001_61_2.out" \
+ 0 \
+ "Show user u32 with password двадцяттридцять in i18n characters"
+ rlAssertGrep "User \"u32\"" "$TmpDir/pki-kra-user-add-001_61_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-062: type with i18n characters"
+ rlLog "kra-user-add type tjugo-tvåhetvenhét with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-kra-user-add-001_62.out 2>&1" \
+ 0 \
+ "Adding type tjugo-tvåhetvenhét with i18n characters"
+ rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-kra-user-add-001_62.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-kra-user-add-001_62.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u33 > $TmpDir/pki-kra-user-add-001_62_2.out" \
+ 0 \
+ "Show user u33 with type tjugo-tvåhetvenhét in i18n characters"
+ rlAssertGrep "User \"u33\"" "$TmpDir/pki-kra-user-add-001_62_2.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-kra-user-add-001_62_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-063: type with i18n characters"
+ rlLog "kra-user-add type мiльйонтридцять with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type='мiльйонтридцять' u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-kra-user-add-001_63.out 2>&1" \
+ 0 \
+ "Adding type мiльйонтридцять with i18n characters"
+ rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-kra-user-add-001_63.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-kra-user-add-001_63.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u34 > $TmpDir/pki-kra-user-add-001_63_2.out" \
+ 0 \
+ "Show user u34 with type мiльйонтридцять in i18n characters"
+ rlAssertGrep "User \"u34\"" "$TmpDir/pki-kra-user-add-001_63_2.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-kra-user-add-001_63_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-064: state with i18n characters"
+ rlLog "kra-user-add state čå with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state='čå' u35 > $TmpDir/pki-kra-user-add-001_64.out 2>&1" \
+ 0 \
+ "Adding state 'čå' with i18n characters"
+ rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-kra-user-add-001_64.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-kra-user-add-001_64.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u35 > $TmpDir/pki-kra-user-add-001_64_2.out" \
+ 0 \
+ "Show user u35 with state čå in i18n characters"
+ rlAssertGrep "User \"u35\"" "$TmpDir/pki-kra-user-add-001_64_2.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-kra-user-add-001_64_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-065: state with i18n characters"
+ rlLog "kra-user-add state йč with i18n characters"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+
-p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state='йč' u36 > $TmpDir/pki-kra-user-add-001_65.out 2>&1" \
+ 0 \
+ "Adding state 'йč' with i18n characters"
+ rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-kra-user-add-001_65.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-kra-user-add-001_65.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u36 > $TmpDir/pki-kra-user-add-001_65_2.out" \
+ 0 \
+ "Show user u36 with state йč in i18n characters"
+ rlAssertGrep "User \"u36\"" "$TmpDir/pki-kra-user-add-001_65_2.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-kra-user-add-001_65_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-066: Should not be able to add user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user u39"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-kra-user-add-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-add-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-067: Should not be able to add user using Normal user credential"
+ local pki_user="idm1_user_1"
+ local pki_user_fullName="Idm1 User 1"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ kra-user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ kra-user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authentication method not allowed."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_add-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ kra-user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ kra-user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u$i > $TmpDir/pki-kra-user-del-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-kra-user-del-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del '$usr' > $TmpDir/pki-kra-user-del-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-kra-user-del-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+ expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-kra-user-del-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-kra-user-del-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del $pki_user > $TmpDir/pki-kra-user-del-user-kra-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-kra-user-del-user-kra-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not created."
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-del.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-del.sh
new file mode 100755
index 000000000..9d92753a8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-del.sh
@@ -0,0 +1,695 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI kra-user-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-kra-user-del Delete pki subsystem KRA users.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-kra-user-del.sh
+########################################################################
+
+run_pki-kra-user-cli-kra-user-del_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_kra_user_cli_kra_kra_user_del-configtest-001: pki kra-user-del --help configuration test"
+ rlRun "pki kra-user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki kra-user-del --help"
+ rlAssertGrep "usage: kra-user-del <User ID>" "$TmpDir/user_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_kra_user_del-configtest-002: pki kra-user-del configuration test"
+ rlRun "pki kra-user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki kra-user-del"
+ rlAssertGrep "usage: kra-user-del <User ID>" "$TmpDir/user_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-003: Delete valid users"
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ #positive test cases
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u$i > $TmpDir/pki-kra-user-del-kra-user1-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-kra-user-del-kra-user1-00$i.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u$i"
+ errmsg="UserNotFoundException: User u$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let i=$i+1
+ done
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval usr=\$user$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user $usr"
+ let i=$i+1
+ done
+
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del $usr > $TmpDir/pki-kra-user-del-kra-user2-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-kra-user-del-kra-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-004: Case sensitive userid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user user_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del USER_ABC > $TmpDir/pki-kra-user-del-kra-user-002_1.out" \
+ 0 \
+ "Deleted user USER_ABC userid is not case sensitive"
+ rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-kra-user-del-kra-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del > $TmpDir/pki-kra-user-del-kra-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: kra-user-del <User ID>" "$TmpDir/pki-kra-user-del-kra-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-006: Maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test \"$user2\" > $TmpDir/pki-kra-user-add-kra-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del \"$user2\" > $TmpDir/pki-kra-user-del-kra-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-kra-user-del-kra-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-007: userid with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ userid=$userid$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test '$userid' > $TmpDir/pki-kra-user-add-kra-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del '$userid' > $TmpDir/pki-kra-user-del-kra-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-kra-user-del-kra-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show '$userid' > $TmpDir/pki-kra-user-del-kra-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-kra-user-del-kra-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test kra_agent"
+ email="kra_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-kra-user-add-kra-008.out" \
+ 0 \
+ "Add user $user1 to KRA -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user1 \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del $user1 > $TmpDir/pki-kra-user-del-kra-user-008.out" \
+ 0 \
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-kra-user-del-kra-user-008.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-kra-user-add-kra-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ kra-user-del u22 > $TmpDir/pki-kra-user-del-kra-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t kra option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-kra-user-del-kra-user-009.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-010: Should not be able to delete user using a revoked cert KRA_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-kra-user-add-kra-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u23 > $TmpDir/pki-kra-user-show-kra-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-kra-user-show-kra-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-kra-user-show-kra-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-kra-user-show-kra-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-011: Should not be able to delete user using a agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u23 > $TmpDir/pki-kra-user-show-kra-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-kra-user-show-kra-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-kra-user-show-kra-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-kra-user-show-kra-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u23 > $TmpDir/pki-kra-user-del-kra-002_2.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-012: Should not be able to delete user using a valid agent KRA_agentV user"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-kra-user-add-kra-012.out" \
+ 0 \
+ "Add user u24 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-003.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-003.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-003.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-013: Should not be able to delete user using a admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-004.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-004.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-004.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-014: Should not be able to delete a user using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-005.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-005.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-005.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-015: Should not be able to delete user using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-016: Should not be able to delete user using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_del-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + cat $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-kra-user-del-kra-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-del-kra-pkiUser1-002.out" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-show u24 > $TmpDir/pki-kra-user-show-kra-009.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-kra-009.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-kra-009.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-kra-user-show-kra-009.out" + + #Cleanup:delete user u24 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-del u24 > $TmpDir/pki-kra-user-del-kra-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_del-019: delete user name with i18n characters" + rlLog "kra-user-add username ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-kra-user-add-kra-001_19.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-kra-user-add-kra-001_19.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-kra-user-add-kra-001_19.out" + rlRun "pki -d $CERTDB_DIR \ + 
-n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-del u19 > $TmpDir/pki-kra-user-del-kra-001_19_3.out 2>&1" \ + 0 \ + "Delete user with name ÖrjanÄke i18n characters" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-kra-user-del-kra-001_19_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u19" + errmsg="UserNotFoundException: User u19 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_del-020: delete username with i18n characters" + rlLog "kra-user-add username ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-kra-user-add-kra-001_20.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-kra-user-add-kra-001_20.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-user-add-kra-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-del u20 > $TmpDir/pki-kra-user-del-kra-001_20_3.out 2>&1" \ + 0 \ + "Delete user with name ÉricTêko i18n characters" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-kra-user-del-kra-001_20_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u20" + errmsg="UserNotFoundException: User u20 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 
0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartCleanup "pki_kra_user_cli_kra_user_del_cleanup: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "KRA instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-find.sh new file mode 100755 index 000000000..4a2f87959 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-find.sh 
@@ -0,0 +1,750 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI kra-user-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-kra-user-find To list users in KRA.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-kra-user-find.sh
+########################################################################
+
+run_pki-kra-user-cli-kra-user-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
+ user1=kra_agent2
+ user1fullname="Test kra_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
+ rlPhaseStartSetup "pki_kra_user_cli_kra_user_find-startup-addusers: Add users"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-configtest-001: pki kra-user-find --help configuration test"
+ rlRun "pki kra-user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki kra-user-find --help"
+ rlAssertGrep "usage: kra-user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-configtest-002: pki kra-user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki kra-user-find"
+ rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-003: Find 5 users, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=5 > $TmpDir/pki-kra-user-find-kra-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-user-find-kra-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-004: Find non user, --size=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=0 > $TmpDir/pki-kra-user-find-kra-002.out 2>&1" \
+ 0 \
+ "Found no users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-find-kra-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-005: Find all users, large value as input"
+ large_num=1000000
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=$large_num > $TmpDir/pki-kra-user-find-kra-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-kra-user-find-kra-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=$maximum_check > $TmpDir/pki-kra-user-find-kra-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-kra-user-find-kra-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=$maximum_check > $TmpDir/pki-kra-user-find-kra-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-kra-user-find-kra-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=-1 > $TmpDir/pki-kra-user-find-kra-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-find-kra-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-009: Find users for size input as noninteger, --size=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size=$size_noninteger > $TmpDir/pki-kra-user-find-kra-005.out 2>&1" \
+ 255 \
+ "No users returned"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-kra-user-find-kra-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-010: Find users, check for no input --size="
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --size= > $TmpDir/pki-kra-user-find-kra-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-kra-user-find-kra-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find > $TmpDir/pki-kra-user-find-kra-007_1.out 2>&1" \
+ 0 \
+ "Get all users in KRA"
+ user_entry_10=`cat $TmpDir/pki-kra-user-find-kra-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=10 > $TmpDir/pki-kra-user-find-kra-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat $TmpDir/pki-kra-user-find-kra-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-user-find-kra-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-012: Find users, --start=10000, large possible input"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=10000 > $TmpDir/pki-kra-user-find-kra-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-find-kra-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=$maximum_check > $TmpDir/pki-kra-user-find-kra-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-find-kra-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=$maximum_check > $TmpDir/pki-kra-user-find-kra-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-kra-user-find-kra-008_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=0 > $TmpDir/pki-kra-user-find-kra-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-user-find-kra-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=-1 > $TmpDir/pki-kra-user-find-kra-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-kra-user-find-kra-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-017: Find users for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=$size_noninteger > $TmpDir/pki-kra-user-find-kra-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-kra-user-find-kra-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start= > $TmpDir/pki-kra-user-find-kra-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-kra-user-find-kra-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find > $TmpDir/pki-kra-user-find-kra-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in KRA"
+ user_entry_12=`cat $TmpDir/pki-kra-user-find-kra-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=12 --size=12 > $TmpDir/pki-kra-user-find-kra-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-kra-user-find-kra-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-kra-user-find-kra-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find > $TmpDir/pki-kra-user-find-kra-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in KRA"
+ user_entry_12=`cat $TmpDir/pki-kra-user-find-kra-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=12 --size=0 > $TmpDir/pki-kra-user-find-kra-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-find-kra-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-021: Should not be able to find user using a revoked cert KRA_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-022: Should not be able to find users using an agent with revoked cert KRA_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-023: Should not be able to find users using a valid agent KRA_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-find-kra-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-025: Should not be able to find users using admin user with expired cert KRA_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-find-kra-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-026: Should not be able to find users using KRA_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-find-kra-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-027: Should not be able to find users using a KRA_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-find-kra-auditV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-028: Should not be able to find users using a KRA_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-find-kra-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ kra-user-find --start=1 --size=5 > $TmpDir/pki-kra-user-find-kra-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_find-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ kra-user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password kra-user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-kra-user-find-kra-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-find-kra-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_find-031: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + rlLog "kra-user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-kra-user-find-kra-001_31.out 2>&1" \ + 0 \ + "Adding fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-find --size=$maximum_check " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-find --size=$maximum_check > $TmpDir/pki-user-show-kra-001_31_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-kra-001_31_2.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-kra-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_find-032: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + 
rlLog "kra-user-add user fullname ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-kra-001_32.out 2>&1" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-find --size=$maximum_check > $TmpDir/pki-user-show-kra-001_32_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-kra-001_32_2.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-kra-001_32_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_kra_user_cli_user_cleanup-021: Deleting users" + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 27 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-del u$i > $TmpDir/pki-kra-user-del-kra-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-kra-user-del-kra-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-del $usr > $TmpDir/pki-kra-user-del-kra-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" 
"$TmpDir/pki-kra-user-del-kra-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "KRA instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-add.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-add.sh new file mode 100755 index 000000000..2ebf0adea --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-add.sh 
@@ -0,0 +1,825 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI user-cli-kra-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-kra-user-membership-add Add KRA user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-membership-add.sh
+######################################################################################
+
+########################################################################
+run_pki-kra-user-cli-kra-user-membership-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="Data Recovery Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise KRA Administrators"
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-002: pki kra-user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership > $TmpDir/pki_kra_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_kra_user_membership_cfg.out"
+ rlAssertGrep "kra-user-membership-find Find user memberships" "$TmpDir/pki_kra_user_membership_cfg.out"
+ rlAssertGrep "kra-user-membership-add Add user membership" "$TmpDir/pki_kra_user_membership_cfg.out"
+ rlAssertGrep "kra-user-membership-del Remove user membership" "$TmpDir/pki_kra_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-003: pki kra-user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki kra-user-membership-add --help"
+ rlAssertGrep "usage: kra-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-004: pki kra-user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki kra-user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: kra-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-005: Add users to available groups using valid admin user KRA_adminV"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-user-membership-add-user-add-kra-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-user-membership-add-user-add-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-user-membership-add-user-add-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-user-membership-add-user-add-kra-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u$i > $TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u$i \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find u$i > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-006: Add a user to all available groups using KRA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-user-membership-add-user-add-kra-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-user-membership-add-user-add-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-user-membership-add-user-add-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-user-membership-add-user-add-kra-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show userall > $TmpDir/pki-kra-user-membership-add-kra-user-show-kra-userall-001.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add userall \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find userall > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-user-membership-add-user-add-kra-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-user-membership-add-user-add-kra-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show user1 > $TmpDir/pki-kra-user-membership-add-kra-user-show-kra-user1-001.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add user1 \"Administrators\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD kra-user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-user-membership-add-user-add-kra-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD kra-user-membership-add testuser1 \"$dummy_group\"" + rlLog "Executing: $command" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-009: Should be able to kra-user-membership-add user name with i18n characters" + rlLog "kra-user-add user fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='ÖrjanÄke' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='ÖrjanÄke' u9" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlLog "Adding the user to the Adminstrators group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD 
kra-user-membership-add u9 \"Administrators\"" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-kra-user-membership-add-groupadd-kra-009_2.out" \ + 0 \ + "Adding user with fullname ÖrjanÄke to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-009_2.out" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-009_2.out" + rlLog "Check if the user is added to the group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD kra-user-membership-find u9" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-009_3.out" \ + 0 \ + "Check user with fullname ÖrjanÄke added to group Administrators" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-009_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-010: Should be able to kra-user-membership-add user to group id with i18n characters" + rlLog "kra-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > 
$TmpDir/pki-kra-user-membership-add-groupadd-kra-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${KRA_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find u10 > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-010_3.out" \ + 0 \ + "Check user ÉricTêko added to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-011: Should not be able to kra-user-membership-add using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminR -c $CERTDB_DIR_PASSWORD kra-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-012: Should not be able to kra-user-membership-add using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n ${KRA_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD kra-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using an agent with revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-013: Should not be able to kra-user-membership-add using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminE -c $CERTDB_DIR_PASSWORD kra-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using admin user with expired cert KRA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest 
"pki_kra_user_cli_kra_user_membership-add-014: Should not be able to kra-user-membership-add using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using KRA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-015: Should not be able to kra-user-membership-add using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD kra-user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using KRA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-016: Should not be able to kra-user-membership-add using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using KRA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-017: Should not be able to kra-user-membership-add using KRA_admin_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-add using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+
+ #Usability tests
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-018: User associated with Administrators group only can create a new user"
+ local user2="testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-kra-user-membership-add-user-add-kra-user2-018.out" \
+ 0 \
+ "Adding user $user2"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "$gid"
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding $user2 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user2 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user2 \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-$user2-00$i.out" \
+ 0 \
+ "Adding user to all groups except administrators group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-$user2-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-$user2-00$i.out"
+ fi
+ let i=$i+1
+ done
+ rlLog "Check users group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find $user2 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-$user2-019.out" \
+ 0 \
+ "Find user-membership to groups of $user2"
+ rlAssertGrep "7 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-$user2-019.out"
+ rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-$user2-019.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlAssertNotGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-$user2-019.out"
+ rlLog "$user2 is not added to $gid"
+ else
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-$user2-019.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \
+ \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $KRA_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve
Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${KRA_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ #Trying to add a user using $user2 should fail since $user2 is not in Administrators group
+ local expfile="$TmpDir/expfile_$user2.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-kra-user-add-kra-$user2-002.out" 255 "Should not be able to add users using a non Administrator user"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-kra-user-add-kra-$user2-002.out"
+
+ #Add $user2 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-usertest2-019_2.out" \
+ 0 \
+ "Adding user $user2 to group \"$groupid4\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-usertest2-019_2.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-usertest2-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find $user2 > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-usertest1-019_3.out" \
+ 0 \
+ "Check user-membership to group \"$groupid4\""
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-usertest1-019_3.out"
+
+ #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n $user2 \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test_user u19 > $TmpDir/pki-kra-user-add-kra-019_4.out" \
+ 0 \
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-kra-user-add-kra-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-kra-user-add-kra-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-kra-user-add-kra-019_4.out"
+ rlPhaseEnd
+
+ #Usability test
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-019: User associated with Certificate Manager Agents group only perform asymmetric key recovery"
+ local user3="testuser3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullName_user3\" $user3 > $TmpDir/pki-kra-user-membership-add-user-add-kra-user3-019.out" \
+ 0 \
+ "Adding user $user3"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user3 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user3 \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-$user3-00$i.out" \
+ 0 \
+ "Adding user to all groups except Data Recovery Manager Agents group - now adding to \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-$user3-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-$user3-00$i.out"
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User3\" \"$user3\" \
+ \"$user3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $KRA_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user3 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_020_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${KRA_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-cert-add $user3 --input $TmpDir/validcert_020_1.pem > $TmpDir/useraddcert_020_2.out" \
+ 0 \
+ "Cert is added to the user $user3"
+
+ rlLog "Check $user3 is not in group Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find $user3 > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-usertest3-020_1.out" \
+ 0 \
+ "Check user-membership to group \"$groupid1\""
+ rlAssertNotGrep "Group: $groupid1" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-usertest3-020_1.out"
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should fail
+ local rand=$RANDOM
+ local client_id=temp$rand
+ local algo=AES
+ local action=NULL
+ local key_size=128
+ local usages=wrap
+ local key_generate_output=$TmpDir/key-generate.out
+ local key_recover_output=$TmpDir/key-recover.out
+ local key_recover_output_2=$TmpDir/key-recover-2.out
+ rlRun "generate_key $client_id $algo $key_size $usages $action $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) ${KRA_INST}_agentV $key_generate_output" \
+ 0 "Generate Symmetric key with client $client_id, algo $algo, key_size $key_size, usages $usages"
+ local key_id=$(cat $key_generate_output | grep "Key ID" | awk -F ": " '{print $2}')
+
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output"
+ command="pki -d $TEMP_NSS_DB -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n $user3 -c $TEMP_NSS_DB_PASSWORD kra-key-recover --keyID $key_id "
+
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Asymmetric key recovery using $user3's cert should fail"
+ #Add user $user3 to Certificate Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-usertest3-020_3.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-usertest3-020_3.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-usertest3-020_3.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find $user3 > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-usertest3-020_4.out" \
+ 0 \
+ "Check user-membership to group \"$groupid1\""
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-usertest3-020_4.out"
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should succeed
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output_2" 0 "Recover key $key_id as $user3 cert"
+ local recover_request_id=$(cat $key_recover_output_2 | grep "Request ID" | awk -F ": " '{print $2}')
+ rlAssertGrep "Key ID: $key_id" "$key_recover_output_2"
+ rlAssertGrep "Type: securityDataRecovery" "$key_recover_output_2"
+ rlAssertGrep "Status: svc_pending" "$key_recover_output_2"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-add-020: Should not be able to add user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) kra-user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_kra_user_cli_user_membership-add-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u$i > $TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del userall > $TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del user1 > $TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u19 > $TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-kra-user-del-kra-user-membership-add-user-del-kra-u19-001.out"
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del testuser$i > $TmpDir/pki-kra-user-membership-add-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-kra-user-membership-add-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-kra-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-del.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-del.sh
new file mode 100755
index 000000000..3f3f8c5db
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-del.sh
@@ -0,0 +1,849 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-user-cli +# Description: PKI kra-user-membership-del KRA CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-membership-add-kra.sh +###################################################################################### + +run_pki-kra-user-cli-kra-user-membership-del_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + + # Creating Temporary Directory for pki user-kra + rlPhaseStartSetup "pki user-kra Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + kra_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$KRA_INST + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=KRA3 + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$kra_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Available groups kra-group-find + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-002: pki kra-user-membership-del --help configuration test" + rlRun "pki kra-user-membership-del --help > $TmpDir/pki_kra_user_membership_del_cfg.out 2>&1" \ + 0 \ + "pki kra-user-membership-del --help" + rlAssertGrep "usage: kra-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" 
"$TmpDir/pki_kra_user_membership_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_user_membership_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-003: pki kra-user-membership-del configuration test" + rlRun "pki kra-user-membership-del > $TmpDir/pki_kra_user_membership_del_2_cfg.out 2>&1" \ + 255 \ + "pki kra-user-membership-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_kra_user_membership_del_2_cfg.out" + rlAssertGrep "usage: kra-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_kra_user_membership_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_user_membership_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-004: Delete kra-user-membership when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-user-membership-add-kra-user-add-kra-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-show u$i > $TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out" \ + 0 \ + "Show pki 
KRA_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-user-membership-add-kra-user-show-kra-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add u$i \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find u$i > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-del u$i \"$gid\" > $TmpDir/pki-kra-user-membership-del-groupdel-del-kra-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-kra-user-membership-del-groupdel-del-kra-00$i.out" + let i=$i+1 + done + 
rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-005: Delete kra-user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-user-membership-add-kra-user-add-kra-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 8 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add userall \"$gid\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall > $TmpDir/pki-kra-user-membership-add-groupadd-find-kra-userall-00$i.out" \ + 0 \ + "Check user membership with group \"$gid\"" + rlAssertGrep 
"Group: $gid" "$TmpDir/pki-kra-user-membership-add-groupadd-find-kra-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 8 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-del userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-del userall \"$gid\" > $TmpDir/pki-kra-user-membership-del-groupadd-kra-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-kra-user-membership-del-groupadd-kra-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add user1 \"Administrators\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added 
membership in \"Administrators\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-del user1 > $TmpDir/pki-kra-user-membership-del-groupadd-kra-user1-001.out 2>&1" \ + 255 \ + "Cannot delete user from group, Missing required option <Group id>" + rlAssertGrep "usage: kra-user-membership-del <User ID> <Group ID>" "$TmpDir/pki-kra-user-membership-del-groupadd-kra-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-007: Missing required option <User ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-kra-user-membership-add-kra-user-add-kra-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add user2 \"Administrators\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-del \"\" 
\"Administrators\" > $TmpDir/pki-kra-user-membership-del-groupadd-kra-user1-001.out 2>&1" \ + 255 \ + "cannot delete user from group, Missing required option <user id>" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-membership-del-groupadd-kra-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-008: Should not be able to kra-user-membership-del using a revoked cert KRA_adminR" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD kra-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete kra-user-membership using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-009: Should not be able to kra-user-membership-del using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete kra-user-membership using a revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-010: Should not be able to kra-user-membership-del using a valid agent 
KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete kra-user-membership using a valid agent cert KRA_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-011: Should not be able to kra-user-membership-del using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD kra-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-del using admin user with expired cert KRA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-012: Should not be able to kra-user-membership-del using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-del using KRA_agentE cert"
+ rlLog "PKI Ticket::
https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-013: Should not be able to kra-user-membership-del using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-del using KRA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-014: Should not be able to kra-user-membership-del using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-del using KRA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-015: Should not be able to kra-user-membership-del using KRA_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-user-membership-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_kra_user_cli_kra_user_membership-del-016: Delete kra-user-membership for user fullname with i18n characters"
+ rlLog "kra-user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-user-membership-add-groupadd-kra-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-user-membership-del-groupadd-kra-017_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\""
"$TmpDir/pki-kra-user-membership-del-groupadd-kra-017_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-del-groupadd-kra-017_2.out"
+ rlLog "Delete kra-user-membership from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-kra-user-membership-del-017_3.out" \
+ 0 \
+ "Delete kra-user-membership from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-del-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find u10 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-017_4.out" \
+ 0 \
+ "Find kra-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-017: Delete kra-user-membership for user fullname with i18n characters"
+ rlLog "kra-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-kra-kra-user-add-kra-018.out 2>&1" \
+ 0 \
+ "Adding user full name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-kra-kra-user-add-kra-018.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-kra-user-add-kra-018.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u11
\"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-user-membership-del-groupadd-kra-018_2.out" \
+ 0 \
+ "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-del-groupadd-kra-018_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-del-groupadd-kra-018_2.out"
+ rlLog "Delete user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-user-membership-del-groupadd-del-kra-018_3.out" \
+ 0 \
+ "Delete kra-user-membership from the group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-del-groupadd-del-kra-018_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find u11 > $TmpDir/pki-kra-user-membership-del-groupadd-del-kra-018_4.out" \
+ 0 \
+ "Find kra-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-user-membership-del-groupadd-del-kra-018_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-018: Delete kra-user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-kra-user-membership-del-kra-user-del-kra-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-kra-user-membership-del-kra-user-del-kra-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-kra-user-membership-del-kra-user-del-kra-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-kra-user-membership-del-kra-user-del-kra-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-del user123 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete kra-user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-kra-user-membership-del-kra-user-del-kra-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-kra-user-membership-del-kra-user-del-kra-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-user-membership-del-kra-user-del-kra-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-kra-user-membership-del-kra-user-del-kra-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u12 \"$groupid4\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u12 \"$groupid1\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-find Administrators > $TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-find \"$groupid1\" > $TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u12 > $TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\""
"$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-find $groupid4 > $TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_7.out" \
+ 0 \
+ "List members of $groupid4 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-member-find \"$groupid1\" > $TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-user-membership-del-kra-user-add-kra-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local
ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+
kra-user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=test_user u9" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-kra-kra-user-add-kra-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-kra-kra-user-add-kra-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-kra-user-add-kra-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-kra-kra-user-add-kra-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-kra-user-membership-del-groupdel-del-kra-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-kra-user-membership-del-groupdel-del-kra-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in
Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-del-021: User deleted from the Data Recovery Manager Agents group can not perform asymmetric key recovery"
+ local user3="testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-kra-user-membership-add-groupadd-kra-22.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-22.out"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local rand=$RANDOM
+ local client_id=temp$rand
+ local algo=AES
+ local action=NULL
+ local key_size=128
+ local usages=wrap
+ local key_generate_output=$TmpDir/key-generate.out
+ local key_recover_output=$TmpDir/key-recover.out
+ local key_recover_output_2=$TmpDir/key-recover-2.out
+ rlRun "generate_key $client_id $algo $key_size $usages $action $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) ${KRA_INST}_agentV $key_generate_output" \
+ 0 "Generate Symmetric key with client $client_id, algo $algo, key_size $key_size, usages $usages"
+ local key_id=$(cat $key_generate_output | grep "Key ID" | awk -F ": " '{print $2}')
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should succeed
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output" 0 "Recover key $key_id as $user3 cert"
+ local recover_request_id=$(cat $key_recover_output | grep "Request ID" | awk -F ": " '{print $2}')
+ rlAssertGrep "Key ID: $key_id" "$key_recover_output"
+ rlAssertGrep "Type: securityDataRecovery" "$key_recover_output"
+ rlAssertGrep "Status: svc_pending" "$key_recover_output"
+
+ #Delete $user3 from Data Recovery Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-del $user3 \"$groupid1\" > $TmpDir/pki-kra-user-membership-del-groupdel-del-kra-022_3.out" \
+ 0 \
+ "User deleted from group \"$groupid1\""
+ rlAssertGrep "Deleted membership in group \"$groupid1\"" "$TmpDir/pki-kra-user-membership-del-groupdel-del-kra-022_3.out"
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should fail
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id"
+ command="pki -d $TEMP_NSS_DB -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n $user3 -c $TEMP_NSS_DB_PASSWORD kra-key-recover --keyID $key_id "
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Asymmetric key recovery using $user3's cert should fail"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_kra_user_cli_kra_user_membership-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created
using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 12 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u$i > $TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del userall > $TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del user1 > $TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del user2 > $TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-del-kra-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del user123 >
$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del testuser1 > $TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-kra-kra-user-del-kra-user-membership-find-kra-user-del-kra-testuser1.out"
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-kra-kra-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-kra-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-find.sh
new file mode 100755
index 000000000..08605b519
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-find.sh
@@ -0,0 +1,722 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cli-kra-user-membership-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-kra-user-membership-find Find KRA user memberships. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-kra-user-membership-find.sh +###################################################################################### + +run_pki-kra-user-cli-kra-user-membership-find_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + prefix=$subsystemId + # Creating Temporary Directory for pki user-kra + rlPhaseStartSetup "pki user-kra Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + kra_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$KRA_INST + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=KRA3 + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$kra_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Local variables + #Available groups kra-group-find + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-002: pki kra-user-membership-find --help configuration test" + rlRun "pki kra-user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \ + 0 \ + "pki kra-user-membership-find --help" + rlAssertGrep "usage: kra-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out" 
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-003: pki kra-user-membership-find configuration test" + rlRun "pki kra-user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \ + 255 \ + "pki kra-user-membership-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "usage: kra-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-004: Find kra-user-membership when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-user-membership-find-user-find-kra-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-user-membership-find-user-find-kra-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-user-membership-find-user-find-kra-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-user-membership-find-user-find-kra-00$i.out" + 
rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-show u$i > $TmpDir/pki-kra-user-membership-find-user-show-kra-00$i.out" \ + 0 \ + "Show pki KRA_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-user-membership-find-user-show-kra-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-user-membership-find-user-show-kra-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-user-membership-find-user-show-kra-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add u$i \"$gid\" > $TmpDir/pki-kra-user-membership-find-groupadd-kra-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find u$i > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-00$i.out" \ + 0 \ + "Find kra-user-membership with group \"$gid\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-00$i.out" + rlAssertGrep "Number of entries returned 1" 
"$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-005: Find kra-user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-user-membership-find-user-find-kra-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-user-membership-find-user-find-kra-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-user-membership-find-user-find-kra-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-user-membership-find-user-find-kra-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-show userall > $TmpDir/pki-kra-user-membership-find-user-show-kra-userall-001.out" \ + 0 \ + "Show pki KRA_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-kra-user-membership-find-user-show-kra-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-user-membership-find-user-show-kra-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-user-membership-find-user-show-kra-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-add userall 
\"$gid\" > $TmpDir/pki-kra-user-membership-find-groupadd-kra-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-userall-00$i.out" \ + 0 \ + "Find kra-user-membership to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-userall-00$i.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-006: Find kra-user-membership of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=5 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-001.out" + rlAssertGrep "Group: $groupid6" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-001.out" + rlAssertGrep "Group: $groupid7" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-001.out" + rlAssertGrep "Group: $groupid8" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-001.out" + rlAssertGrep "Number of entries returned 3" 
"$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-007: Find all kra-user-memberships of a user (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=0 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-002.out" \ + 0 \ + "Checking user-mambership to group " + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-002.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-008: Find kra-user-memberships when page start is negative (start=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=-1 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-003.out" \ + 0 \ + "Checking kra-user-membership to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-003.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-003.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-009: Find kra-user-memberships when page start greater than available number of groups (start=9)" + rlRun "pki -d $CERTDB_DIR \ + 
-n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=9 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-004.out" \ + 0 \ + "Checking kra-user-membership to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-010: Should not be able to find kra-user-membership when page start is non integer" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD kra-user-membership-find userall --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-011: Find kra-user-memberships when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=0 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-006.out" 0 \ + "user_membership-find with size parameter as 0" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-012: Find kra-user-memberships when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=1 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-007.out" 0 \ + "user_membership-find with size parameter as 1" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-007.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-013: Find kra-user-memberships when page size is 2 (size=2)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=2 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-008.out" 0 \ + "user_membership-find with size parameter as 2" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-008.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-008.out" + rlAssertGrep "Group: $groupid2" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-008.out" + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-014: Find kra-user-memberships when page size is 9 (size=9)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=9 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-009.out" 0 \ + "user_membership-find with size parameter as 9" + rlAssertGrep "8 entries matched" 
"$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-009.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-015: Find kra-user-memberships when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=100 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0010.out" 0 \ + "user_membership-find with size parameter as 100" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0010.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-016: Find kra-user-memberships when page size is negative (size=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=-1 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0011.out" 0 \ + "user_membership-find with size parameter as -1" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0011.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-size-0011.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_kra_user_cli_kra_user_membership-find-017: Should not be able to find kra-user-membership when page size is non integer" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find userall --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-018: Find kra-user-membership with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=6 --size=5 > $TmpDir/pki-kra-user-membership-find-019.out" \ + 0 \ + "Find kra-user-membership with page start and page size option" + rlAssertGrep "8 entries matched" "$TmpDir/pki-kra-user-membership-find-019.out" + i=7 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-kra-user-membership-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-kra-user-membership-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-019: Find kra-user-membership with --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=$maximum_check" + rlRun "pki -d 
$CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --size=$maximum_check > $TmpDir/pki-kra-user-membership-find-020.out 2>&1" \ + 255 \ + "Find kra-user-membership with --size more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-kra-user-membership-find-020.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-020: Find kra-user-membership with --start more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-membership-find userall --start=$maximum_check > $TmpDir/pki-kra-user-membership-find-021.out 2>&1" \ + 255 \ + "Find kra-user-membership with --start more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-kra-user-membership-find-021.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-021: Should not be able to kra-user-membership-find using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a revoked cert KRA_adminR" + rlLog "PKI 
Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-022: Should not be able to kra-user-membership-find using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using an agent with revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-023: Should not be able to kra-user-membership-find using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a valid agent KRA_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-024: Should not be able to kra-user-membership-find using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST 
kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a expired admin KRA_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-025: Should not be able to kra-user-membership-find using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a expired agent KRA_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-026: Should not be able to kra-user-membership-find using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a valid auditor KRA_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-027: Should not be able to kra-user-membership-find 
using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a valid operator KRA_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-028: Should not be able to kra-user-membership-find using KRA_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD kra-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-user-membership using a untrusted role_user_UTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-029:Find kra-user-membership for user fullname with i18n characters" + rlLog "kra-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='Éric Têko' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName='Éric Têko' u9" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p 
$(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-user-membership-add-groupadd-kra-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-user-membership-add-groupadd-kra-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-user-membership-find-groupadd-kra-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find u9 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-031_3.out" \
+ 0 \
+ "Find kra-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-030: Find kra-user-membership for user fullname with i18n characters"
+ rlLog "kra-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-kra-user-add-kra-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-kra-user-add-kra-032.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-user-add-kra-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-user-membership-find-groupadd-kra-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-find-groupadd-kra-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-membership-find u10 > $TmpDir/pki-kra-user-membership-find-groupadd-find-kra-032_3.out" \
+ 0 \
+ "Find kra-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-kra-user-membership-find-groupadd-find-kra-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_membership-find-031: Find kra-user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-kra-user-membership-find-user-find-kra-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-kra-user-membership-find-user-find-kra-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-kra-user-membership-find-user-find-kra-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-kra-user-membership-find-user-find-kra-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST kra-user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-kra-user-membership-find-user-find-kra-033_2.out" 0 "Find kra-user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-user-membership-find-user-find-kra-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_kra_user_cli_user_membership-find-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u$i > $TmpDir/pki-kra-user-del-kra-user-membership-find-user-del-kra-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-kra-user-del-kra-user-membership-find-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del userall > $TmpDir/pki-kra-user-del-kra-user-membership-find-user-del-kra-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-kra-user-del-kra-user-membership-find-user-del-kra-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del user123 > $TmpDir/pki-kra-user-del-kra-user-membership-find-user-del-kra-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-kra-user-del-kra-user-membership-find-user-del-kra-user123.out"
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-kra-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-show.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-show.sh
new file mode 100755
index 000000000..4200d8da8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-show.sh
@@ -0,0 +1,1124 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI kra-user-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-kra-user-show Show KRA users
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-show.sh
+######################################################################################
+
+########################################################################
+run_pki-kra-user-cli-kra-user-show_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=kra_agent2
+ user1fullname="Test kra_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ rlPhaseStartTest "pki_kra_user_show-configtest: pki kra-user-show configuration test"
+ rlRun "pki kra-user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki kra-user-show"
+ rlAssertGrep "usage: kra-user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show KRA users ####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-001: Add user to KRA using KRA_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user1 > $TmpDir/pki-kra-user-show-001.out" \
+ 0 \
+ "Show user $user1"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-kra-user-show-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-show-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user2 > $TmpDir/pki-kra-user-show-001_1.out" \
+ 0 \
+ "Show $user2 user"
+ rlAssertGrep "User \"$user2\"" "$TmpDir/pki-kra-user-show-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-kra-user-show-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user3 > $TmpDir/pki-kra-user-show-001_2.out" \
+ 0 \
+ "Show $user3 user"
+ rlAssertGrep "User \"$user3\"" "$TmpDir/pki-kra-user-show-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-kra-user-show-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user4 > $TmpDir/pki-kra-user-show-001_3.out" \
+ 0 \
+ "Show $user4 user"
+ rlAssertGrep "User \"$user4\"" "$TmpDir/pki-kra-user-show-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-kra-user-show-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user5 > $TmpDir/pki-kra-user-show-001_4.out" \
+ 0 \
+ "Show $user5 user"
+ rlAssertGrep "User \"$user5\"" "$TmpDir/pki-kra-user-show-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-kra-user-show-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user6 > $TmpDir/pki-kra-user-show-001_5.out" \
+ 0 \
+ "Show $user6 user"
+ rlAssertGrep "User \"$user6\"" "$TmpDir/pki-kra-user-show-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-kra-user-show-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show $user7 > $TmpDir/pki-kra-user-show-001_6.out" \
+ 0 \
+ "Show user $user7"
+ rlAssertGrep "User \"$user7\"" "$TmpDir/pki-kra-user-show-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-kra-user-show-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u1 > $TmpDir/pki-kra-user-show-001_7.out" \
+ 0 \
+ "Show user u1"
+ rlAssertGrep "User \"u1\"" "$TmpDir/pki-kra-user-show-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-kra-user-show-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-kra-user-show-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u2 > $TmpDir/pki-kra-user-show-001_8.out" \
+ 0 \
+ "Show user u2"
+ rlAssertGrep "User \"u2\"" "$TmpDir/pki-kra-user-show-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-kra-user-show-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-kra-user-show-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u3 > $TmpDir/pki-kra-user-show-001_9.out" \
+ 0 \
+ "Add user u3"
+ rlAssertGrep "User \"u3\"" "$TmpDir/pki-kra-user-show-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-kra-user-show-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-kra-user-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u4 > $TmpDir/pki-kra-user-show-001_10.out" \
+ 0 \
+ "Show user u4 using ${prefix}_adminV"
+ rlAssertGrep "User \"u4\"" "$TmpDir/pki-kra-user-show-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-kra-user-show-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-kra-user-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u5 > $TmpDir/pki-kra-user-show-001_11.out" \
+ 0 \
+ "Show user u5 using ${prefix}_adminV"
+ rlAssertGrep "User \"u5\"" "$TmpDir/pki-kra-user-show-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-kra-user-show-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-kra-user-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u6 > $TmpDir/pki-kra-user-show-001_12.out" \
+ 0 \
+ "Show user u6 using ${prefix}_adminV"
+ rlAssertGrep "User \"u6\"" "$TmpDir/pki-kra-user-show-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-kra-user-show-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-kra-user-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u7 > $TmpDir/pki-kra-user-show-001_13.out" \
+ 0 \
+ "Show user u7 using ${prefix}_adminV"
+ rlAssertGrep "User \"u7\"" "$TmpDir/pki-kra-user-show-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-kra-user-show-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-kra-user-show-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-kra-user-show-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-kra-user-show-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u8 > $TmpDir/pki-kra-user-show-001_14.out" \
+ 0 \
+ "Show user u8 using ${prefix}_adminV"
+ rlAssertGrep "User \"u8\"" "$TmpDir/pki-kra-user-show-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-kra-user-show-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-kra-user-show-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-kra-user-show-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-kra-user-show-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u9 > $TmpDir/pki-kra-user-show-001_15.out" \
+ 0 \
+ "Show user u9 using ${prefix}_adminV"
+ rlAssertGrep "User \"u9\"" "$TmpDir/pki-kra-user-show-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-user-show-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-kra-user-show-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u10 > $TmpDir/pki-kra-user-show-001_16.out" \
+ 0 \
+ "Show user u10 using ${prefix}_adminV"
+ rlAssertGrep "User \"u10\"" "$TmpDir/pki-kra-user-show-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-user-show-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-kra-user-show-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u11 > $TmpDir/pki-kra-user-show-001_17.out" \
+ 0 \
+ "Show user u11 using ${prefix}_adminV"
+ rlAssertGrep "User \"u11\"" "$TmpDir/pki-kra-user-show-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-user-show-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-kra-user-show-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u12 > $TmpDir/pki-kra-user-show-001_18.out" \
+ 0 \
+ "Show pki ${prefix}_adminV user"
+ rlAssertGrep "User \"u12\"" "$TmpDir/pki-kra-user-show-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-user-show-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-kra-user-show-001_18.out"
+ rlPhaseEnd
+
+ #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u13 > $TmpDir/pki-kra-user-show-001_19.out" \
+ 0 \
+ "Show user u13 using ${prefix}_adminV"
+ rlAssertGrep "User \"u13\"" "$TmpDir/pki-kra-user-show-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-user-show-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-show-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u14 > $TmpDir/pki-kra-user-show-001_24.out" \
+ 0 \
+ "Show user u14 using ${prefix}_adminV"
+ rlAssertGrep "User \"u14\"" "$TmpDir/pki-kra-user-show-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-kra-user-show-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-kra-user-show-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u15 > $TmpDir/pki-kra-user-show-001_25.out" \
+ 0 \
+ "Show user u15 using ${prefix}_adminV"
+ rlAssertGrep "User \"u15\"" "$TmpDir/pki-kra-user-show-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-kra-user-show-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-kra-user-show-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u16 > $TmpDir/pki-kra-user-show-001_26.out" \
+ 0 \
+ "Show user u16 using ${prefix}_adminV"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-show-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-show-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-kra-user-show-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u17 > $TmpDir/pki-kra-user-show-001_27.out" \
+ 0 \
+ "Show user u17 using ${prefix}_adminV"
+ rlAssertGrep "User \"u17\"" "$TmpDir/pki-kra-user-show-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-kra-user-show-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-kra-user-show-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u18 > $TmpDir/pki-kra-user-show-001_28.out" \
+ 0 \
+ "Show user u18 using ${prefix}_adminV"
+ rlAssertGrep "User \"u18\"" "$TmpDir/pki-kra-user-show-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-kra-user-show-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-kra-user-show-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u19 > $TmpDir/pki-kra-user-show-001_29.out" \
+ 0 \
+ "Show user u19 using ${prefix}_adminV"
+ rlAssertGrep "User \"u19\"" "$TmpDir/pki-kra-user-show-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-kra-user-show-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-kra-user-show-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u20 > $TmpDir/pki-kra-user-show-001_30.out" \
+ 0 \
+ "Show user u20 using ${prefix}_adminV"
+ rlAssertGrep "User \"u20\"" "$TmpDir/pki-kra-user-show-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-user-show-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-kra-user-show-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u21 > $TmpDir/pki-kra-user-show-001_31.out" \
+ 0 \
+ "Show user u21 using ${prefix}_adminV"
+ rlAssertGrep "User \"u21\"" "$TmpDir/pki-kra-user-show-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-kra-user-show-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-show-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-kra-user-show-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-029: Show user with -t kra option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+
kra-user-show u22 > $TmpDir/pki-kra-user-show-001_32.out" \ + 0 \ + "Show user u22 using ${prefix}_adminV" + rlAssertGrep "User \"u22\"" "$TmpDir/pki-kra-user-show-001_32.out" + rlAssertGrep "User ID: u22" "$TmpDir/pki-kra-user-show-001_32.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-show-001_32.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-030: Add a user -- all options provided" + email="ca_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + u23" \ + 0 \ + "Adding user u23 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-show u23 > $TmpDir/pki-kra-user-show-001_33.out" \ + 0 \ + "Show user u23 using ${prefix}_adminV" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-kra-user-show-001_33.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-kra-user-show-001_33.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-show-001_33.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-show-001_33.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-show-001_33.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-kra-user-show-001_33.out" + rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-show-001_33.out" + rlPhaseEnd + + #Negative Cases + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-031: Missing required option user id" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show" + rlLog "Executing $command" + 
errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-032: Checking if user id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + kra-user-show U23 > $TmpDir/pki-kra-user-show-001_35.out 2>&1" \ + 0 \ + "User ID is not case sensitive" + rlAssertGrep "User \"U23\"" "$TmpDir/pki-kra-user-show-001_35.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-kra-user-show-001_35.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-show-001_35.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-show-001_35.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-show-001_35.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-kra-user-show-001_35.out" + rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-033: Should not be able to show user using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-034: Should not be able to show user using a agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c 
$CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-035: Should not be able to show user using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-036: Should not be able to show user using a KRA_agentR user" + rlLog "To test error message consistency for the request pki_kra_user_cli_kra_user_show-034" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_user_cli_kra_user_show-037: Should not be able to show user using admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date 
--set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-038: Should not be able to show user using KRA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-039: Should not be able to show user using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-040: Should not be able to show user using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) kra-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u23 > $TmpDir/pki-kra-user-show-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-show-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_user_show-kra-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u13"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password kra-user-show u13" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-kra-user-show-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-user-show-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-043: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show \"$user_length_exceed_max\" > $TmpDir/pki-kra-user-show-001_50.out 2>&1" \
+ 255 \
+ "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-kra-user-show-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-044: user name with i18n characters"
+ rlLog "kra-user-add user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-kra-user-show-001_56.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u24 > $TmpDir/pki-kra-user-show-001_56_2.out" \
+ 0 \
+ "Show user name with 'ÖrjanÄke'"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-kra-user-show-001_56_2.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-kra-user-show-001_56_2.out"
+ rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-kra-user-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_show-045: user name with i18n characters"
+ rlLog "kra-user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-kra-user-show-001_57.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-show u25 > $TmpDir/pki-kra-user-show-001_57_2.out" \
+ 0 \
+ "Show user name with 'ÉricTêko'"
+ rlAssertGrep "User \"u25\"" "$TmpDir/pki-kra-user-show-001_57_2.out"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-kra-user-show-001_57_2.out"
+ rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-kra-user-show-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_kra_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user)
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 26 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance is not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-add.sh
new file mode 100755
index 000000000..d7bfa1ae3
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-add.sh
@@ -0,0 +1,1453 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-add Add users to pki OCSP subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-add.sh
+########################################################################
+run_pki-ocsp-user-cli-ocsp-user-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_ocsp_user_cli-configtest: pki ocsp-user --help configuration test"
+ rlRun "pki ocsp-user --help > $TmpDir/pki_ocsp_user_cfg.out 2>&1" \
+ 0 \
+ "pki user --help"
+ rlAssertGrep "ocsp-user-find Find users" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlAssertGrep "ocsp-user-show Show user" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlAssertGrep "ocsp-user-add Add user" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlAssertGrep "ocsp-user-mod Modify user" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlAssertGrep "ocsp-user-del Remove user" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlAssertGrep "ocsp-user-cert User certificate management commands" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlAssertGrep "ocsp-user-membership User membership management commands" "$TmpDir/pki_ocsp_user_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-configtest: pki ocsp-user-add configuration test"
+ rlRun "pki ocsp-user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-user-add --help"
+ rlAssertGrep "usage: ocsp-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add OCSP users using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-001: Add a user to OCSP using OCSP_adminV"
+ user1=ocsp_agent2
+ user1fullname="Test ocsp_agent"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-001.out" 0 "Add user $user1 to OCSP_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-ocsp-user-add-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-add-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog "user2=$user2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test \"$user2\" > $TmpDir/pki-ocsp-user-add-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-ocsp-user-add-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-003:User id with # character"
+ user3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user3 > $TmpDir/pki-ocsp-user-add-001_2.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-ocsp-user-add-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-ocsp-user-add-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-004:User id with $ character"
+ user4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user4 > $TmpDir/pki-ocsp-user-add-001_3.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-ocsp-user-add-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-ocsp-user-add-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-005:User id with @ character"
+ user5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user5 > $TmpDir/pki-ocsp-user-add-001_4.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-ocsp-user-add-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-ocsp-user-add-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-006:User id with ? character"
+ user6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user6 > $TmpDir/pki-ocsp-user-add-001_5.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with ?
character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-ocsp-user-add-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-ocsp-user-add-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-007:User id as 0"
+ user7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user7 > $TmpDir/pki-ocsp-user-add-001_6.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-ocsp-user-add-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-ocsp-user-add-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-ocsp-user-add-001_7.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-ocsp-user-add-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-ocsp-user-add-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-ocsp-user-add-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email='$email' u2 > $TmpDir/pki-ocsp-user-add-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-ocsp-user-add-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-ocsp-user-add-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-ocsp-user-add-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-010:--email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=# u3 > $TmpDir/pki-ocsp-user-add-001_9.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-ocsp-user-add-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-ocsp-user-add-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-ocsp-user-add-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-011:--email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=* u4 > $TmpDir/pki-ocsp-user-add-001_10.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-ocsp-user-add-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-ocsp-user-add-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-ocsp-user-add-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-012:--email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=$ u5 > $TmpDir/pki-ocsp-user-add-001_11.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-ocsp-user-add-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-ocsp-user-add-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-ocsp-user-add-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-013:--email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=0 u6 > $TmpDir/pki-ocsp-user-add-001_12.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-ocsp-user-add-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-ocsp-user-add-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-ocsp-user-add-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-ocsp-user-add-001_13.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-ocsp-user-add-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-ocsp-user-add-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-ocsp-user-add-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-ocsp-user-add-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-ocsp-user-add-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --state='$state' u8 > $TmpDir/pki-ocsp-user-add-001_14.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-ocsp-user-add-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-ocsp-user-add-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-ocsp-user-add-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-ocsp-user-add-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-ocsp-user-add-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-016:--state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --state=# u9 > $TmpDir/pki-ocsp-user-add-001_15.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-ocsp-user-add-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-user-add-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-ocsp-user-add-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-017:--state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --state=* u10 > $TmpDir/pki-ocsp-user-add-001_16.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-ocsp-user-add-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-user-add-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-ocsp-user-add-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-018:--state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --state=$ u11 > $TmpDir/pki-ocsp-user-add-001_17.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-ocsp-user-add-001_17.out"
+ rlAssertGrep "User ID: u11"
"$TmpDir/pki-ocsp-user-add-001_17.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_17.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-ocsp-user-add-001_17.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-019:--state as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state=0 u12 > $TmpDir/pki-ocsp-user-add-001_18.out " \ + 0 \ + "Added user using ${prefix}_adminV with --state 0" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-ocsp-user-add-001_18.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-user-add-001_18.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_18.out" + rlAssertGrep "State: 0" "$TmpDir/pki-ocsp-user-add-001_18.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-020:--phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-ocsp-user-add-001_19.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --phone length" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-ocsp-user-add-001_19.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-user-add-001_19.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-add-001_19.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-021:--phone with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head 
-n 2037 | tr -d '\n') + phone=$state$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-ocsp-user-add-001_20.out 2>&1"\ + 255 \ + "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-ocsp-user-add-001_20.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-ocsp-user-add-001_20.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-022:--phone with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone=# usr2 > $TmpDir/pki-ocsp-user-add-001_21.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character #" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-ocsp-user-add-001_21.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-ocsp-user-add-001_21.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-023:--phone with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + ocsp-user-add --fullName=test --phone=* usr3 > $TmpDir/pki-ocsp-user-add-001_22.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character *" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-ocsp-user-add-001_22.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-ocsp-user-add-001_22.out" + 
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-024:--phone with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-ocsp-user-add-001_23.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character $" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-ocsp-user-add-001_23.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-ocsp-user-add-001_23.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-025:--phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-ocsp-user-add-001_24.out " \ + 0 \ + "Added user using ${prefix}_adminV with --phone -1230" + rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-ocsp-user-add-001_24.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-ocsp-user-add-001_24.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_24.out" + rlAssertGrep "Phone: -1230" "$TmpDir/pki-ocsp-user-add-001_24.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-026:--type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-ocsp-user-add-001_25.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Auditors" + rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-ocsp-user-add-001_25.out" + rlAssertGrep "User ID: u15" 
"$TmpDir/pki-ocsp-user-add-001_25.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_25.out" + rlAssertGrep "Type: Auditors" "$TmpDir/pki-ocsp-user-add-001_25.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-027:--type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-ocsp-user-add-001_26.out" \ + 0 \ + "Added user using ${prefix}_adminV --type Certificate Manager Agents" + rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-ocsp-user-add-001_26.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-add-001_26.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_26.out" + rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-ocsp-user-add-001_26.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-028:--type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-ocsp-user-add-001_27.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Registration Manager Agents" + rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-ocsp-user-add-001_27.out" + rlAssertGrep "User ID: u17" "$TmpDir/pki-ocsp-user-add-001_27.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_27.out" + rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-ocsp-user-add-001_27.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-029:--type Subsytem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test 
--type=\"Subsytem Group\" u18 > $TmpDir/pki-ocsp-user-add-001_28.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Subsytem Group" + rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-ocsp-user-add-001_28.out" + rlAssertGrep "User ID: u18" "$TmpDir/pki-ocsp-user-add-001_28.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_28.out" + rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-ocsp-user-add-001_28.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-030:--type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-ocsp-user-add-001_29.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Security Domain Administrators" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-ocsp-user-add-001_29.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-ocsp-user-add-001_29.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_29.out" + rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-ocsp-user-add-001_29.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-031:--type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-ocsp-user-add-001_30.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type ClonedSubsystems" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-ocsp-user-add-001_30.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-ocsp-user-add-001_30.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_30.out" + rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-ocsp-user-add-001_30.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_user_cli_ocsp_user_add-032:--type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-ocsp-user-add-001_31.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Trusted Managers" + rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-ocsp-user-add-001_31.out" + rlAssertGrep "User ID: u21" "$TmpDir/pki-ocsp-user-add-001_31.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_31.out" + rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-ocsp-user-add-001_31.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-033:--type Dummy Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-ocsp-user-add-001_33.out 2>&1 " \ + 1,255 \ + "Adding user using ${prefix}_adminV with --type Dummy Group" + rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-ocsp-user-add-001_33.out" + rlAssertNotGrep "User ID: u25" "$TmpDir/pki-ocsp-user-add-001_33.out" + rlAssertNotGrep "Full name: test" "$TmpDir/pki-ocsp-user-add-001_33.out" + rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-ocsp-user-add-001_33.out" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-ocsp-user-add-001_33.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-034: Add a duplicate user to OCSP" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"New user\" $user1 > $TmpDir/pki-ocsp-user-add-002.out 2>&1 " + + expmsg="ConflictingOperationException: Entry already exists." 
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-ocsp-user-add-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-036: Add a user -- missing required option user id"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" > $TmpDir/pki-ocsp-user-add-004.out" \
+ 255 \
+ "Add user -- missing required option user id"
+ rlAssertGrep "usage: ocsp-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-ocsp-user-add-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-037: Add a user -- missing required option --fullName"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add $user1 > $TmpDir/pki-ocsp-user-add-005.out 2>&1"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-038: Add a user -- all options provided"
+ email="ocsp_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23 > $TmpDir/pki-ocsp-user-add-006_1.out" \
+ 0 \
+ "Add user u23 to OCSP -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-add-006_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-039: Add user to multiple groups"
+ user=u24
+ userfullname="Multiple Group User"
+ email="multiplegroup@myemail.com"
+ user_password="admin2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$userfullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ $user > $TmpDir/pki-ocsp-user-add-006.out " \
+ 0 \
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-ocsp-user-add-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-add-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-ocsp-user-add-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-add-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-add-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-add-006.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-add Administrators $user > $TmpDir/pki-ocsp-user-add-007_1.out" \
+ 0 \
+ "Add user $user to Administrators group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-ocsp-user-add-007_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-ocsp-user-add-007_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-find Administrators > $TmpDir/pki-ocsp-user-add-007.out" \
+ 0 \
+ "Show pki ocsp-group-member-find Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-add \"Online Certificate Status Manager Agents\" $user > $TmpDir/pki-ocsp-user-add-007_1_1.out" \
+ 0 \
+ "Add user $user to Online Certificate Status Manager Agents"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-ocsp-user-add-007_1_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-ocsp-user-add-007_1_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-find \"Online Certificate Status Manager Agents\" > $TmpDir/pki-ocsp-user-add-007_2.out" \
+ 0 \
+ "Show pki ocsp-group-member-find Online Certificate Status Manager Agents"
+
+ rlAssertGrep "User: $user" "$TmpDir/pki-ocsp-user-add-007_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-040: Add user with --password less than 8 characters"
+ userpw="pass"
+ expmsg="PKIException: The password must be at least 8 characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-ocsp-user-add-008.out 2>&1" \
+ 255 \
+ "Add a user --must be at least 8 characters --password"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-ocsp-user-add-008.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using revoked cert#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-041: Should not be able to add user using a revoked cert OCSP_adminR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-add-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-042: Should not be able to add user using a agent with revoked cert OCSP_agentR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-add-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using an agent user#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-043: Should not be able to add user using a valid agent OCSP_agentV user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-user-add-agentV-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using OCSP_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-044: Should not be able to add user using a OCSP_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-add-agentUTCA-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using expired cert#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-045: Should not be able to add user using admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-add-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-user-add-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-046: Should not be able to add user using OCSP_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-ocsp-user-add-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-user-add-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add users using audit users#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-047: Should not be able to add user using a OCSP_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-user-add-auditV-002.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-048: Should not be able to add user using a OCSP_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-user-add-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-049: Should not be able to add user using a cert created from a untrusted OCSP OCSP_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-ocsp-user-add-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-add-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-ocsp-user-add-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-ocsp-user-add-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-user-add-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-051: fullname with i18n characters"
+ rlLog "ocsp-user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-ocsp-user-add-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-ocsp-user-add-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-ocsp-user-add-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-ocsp-user-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-052: fullname with i18n characters"
+ rlLog "ocsp-user-add fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='Éric Têko' u27 > $TmpDir/pki-ocsp-user-add-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-ocsp-user-add-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-ocsp-user-add-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-ocsp-user-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-053: fullname with i18n characters"
+ rlLog "ocsp-user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-ocsp-user-add-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-ocsp-user-add-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-ocsp-user-add-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-ocsp-user-add-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u28 > $TmpDir/pki-ocsp-user-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-ocsp-user-add-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-ocsp-user-add-001_53_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-054: fullname with i18n characters"
+ rlLog "ocsp-user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-ocsp-user-add-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-ocsp-user-add-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-ocsp-user-add-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u29 > $TmpDir/pki-ocsp-user-add-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-ocsp-user-add-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-ocsp-user-add-001_54_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-055: fullname with i18n characters"
+ rlLog "ocsp-user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-ocsp-user-add-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-ocsp-user-add-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-ocsp-user-add-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u30 > $TmpDir/pki-ocsp-user-add-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-ocsp-user-add-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-ocsp-user-add-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-056: user id with i18n characters"
+ rlLog "ocsp-user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-057: userid with i18n characters"
+ rlLog "ocsp-user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-058: email address with i18n characters"
+ rlLog "ocsp-user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-059: email address with i18n characters"
+ rlLog "ocsp-user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n
${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32" + rlLog "Executing $command" + errmsg="IncorrectPasswordException: Incorrect client security database password." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-060: password with i18n characters" + rlLog "ocsp-user-add password šimtaskolmkümmend with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-ocsp-user-add-001_60.out 2>&1" \ + 0 \ + "Adding password šimtaskolmkümmend with i18n characters" + rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-ocsp-user-add-001_60.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u31 > $TmpDir/pki-ocsp-user-add-001_60_2.out" \ + 0 \ + "Show user u31 with password šimtaskolmkümmend in i18n characters" + rlAssertGrep "User \"u31\"" "$TmpDir/pki-ocsp-user-add-001_60_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-061: password with i18n characters" + rlLog "ocsp-user-add password двадцяттридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-ocsp-user-add-001_61.out 2>&1" \ + 0 \ + "Adding password двадцяттридцять with i18n 
characters" + rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-ocsp-user-add-001_61.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u32 > $TmpDir/pki-ocsp-user-add-001_61_2.out" \ + 0 \ + "Show user u32 with password двадцяттридцять in i18n characters" + rlAssertGrep "User \"u32\"" "$TmpDir/pki-ocsp-user-add-001_61_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-062: type with i18n characters" + rlLog "ocsp-user-add type tjugo-tvåhetvenhét with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-ocsp-user-add-001_62.out 2>&1" \ + 0 \ + "Adding type tjugo-tvåhetvenhét with i18n characters" + rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-ocsp-user-add-001_62.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-ocsp-user-add-001_62.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u33 > $TmpDir/pki-ocsp-user-add-001_62_2.out" \ + 0 \ + "Show user u33 with type tjugo-tvåhetvenhét in i18n characters" + rlAssertGrep "User \"u33\"" "$TmpDir/pki-ocsp-user-add-001_62_2.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-ocsp-user-add-001_62_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-063: type with i18n characters" + rlLog "ocsp-user-add type мiльйонтридцять with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type='мiльйонтридцять' u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-ocsp-user-add-001_63.out 2>&1" \ + 0 \ + "Adding type мiльйонтридцять with i18n characters" + rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-ocsp-user-add-001_63.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-ocsp-user-add-001_63.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u34 > $TmpDir/pki-ocsp-user-add-001_63_2.out" \ + 0 \ + "Show user u34 with type мiльйонтридцять in i18n characters" + rlAssertGrep "User \"u34\"" "$TmpDir/pki-ocsp-user-add-001_63_2.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-ocsp-user-add-001_63_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-064: state with i18n characters" + rlLog "ocsp-user-add state čå with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state='čå' u35 > $TmpDir/pki-ocsp-user-add-001_64.out 2>&1" \ + 0 \ + "Adding state 'čå' with i18n characters" + rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-ocsp-user-add-001_64.out" + rlAssertGrep "State: čå" "$TmpDir/pki-ocsp-user-add-001_64.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u35 > $TmpDir/pki-ocsp-user-add-001_64_2.out" \ + 0 \ + "Show user u35 with state čå in i18n characters" + rlAssertGrep "User \"u35\"" "$TmpDir/pki-ocsp-user-add-001_64_2.out" + rlAssertGrep 
"State: čå" "$TmpDir/pki-ocsp-user-add-001_64_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-065: state with i18n characters" + rlLog "ocsp-user-add state йč with i18n characters" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state='йč' u36 > $TmpDir/pki-ocsp-user-add-001_65.out 2>&1" \ + 0 \ + "Adding state 'йč' with i18n characters" + rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-ocsp-user-add-001_65.out" + rlAssertGrep "State: йč" "$TmpDir/pki-ocsp-user-add-001_65.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u36 > $TmpDir/pki-ocsp-user-add-001_65_2.out" \ + 0 \ + "Show user u36 with state йč in i18n characters" + rlAssertGrep "User \"u36\"" "$TmpDir/pki-ocsp-user-add-001_65_2.out" + rlAssertGrep "State: йč" "$TmpDir/pki-ocsp-user-add-001_65_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-066: Should not be able to add user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR 
-c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test_user u39" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-ocsp-user-add-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-add-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-067: Should not be able to add user using Normal user credential" + local pki_user="idm1_user_1" + local pki_user_fullName="Idm1 User 1" + local pki_pwd="Secret123" + rlLog "Create user $pki_user" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add $pki_user \ + --fullName \"$pki_user_fullName\" \ + --password $pki_pwd" 0 "Create $pki_user User" + local TEMP_NSS_DB="$TmpDir/nssdb" + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + ocsp-user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + ocsp-user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authentication method not allowed." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_add-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ ocsp-user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ ocsp-user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u$i > $TmpDir/pki-ocsp-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del '$usr' > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+ expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del $pki_user > $TmpDir/pki-ocsp-user-del-user-ocsp-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-ocsp-user-del-user-ocsp-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not created."
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-add.sh
new file mode 100755
index 000000000..561b49769
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-add.sh
@@ -0,0 +1,2290 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-cert-add Add certs to users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-cert-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-ocsp-user-cli-ocsp-user-cert-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to add certs to OCSP users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-002: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_002crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ ##### Add expired cert to a user #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-004: Adding expired cert to a user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user2fullname\" $user2"
+ local validityperiod="1 day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show 
$valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_expiredcert_004pkcs10.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_expiredcert_004pkcs10.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local 
valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_004crmf.out > $TmpDir/pki_ocsp_user_cert_add_expiredcert_004crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_expiredcert_004crmf.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + +rlPhaseEnd + +#### Add a revoked cert to a user ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-005: Add revoked cert to a user should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber 
| cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_ocsp_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_005crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_005crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_ocsp_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add-CA_validcert_005crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input 
$TmpDir/pki_ocsp_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + +rlPhaseEnd + + ##### Add one cert to a user - User ID missing ##### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-006-tier1: Add one cert to a user should fail when USER ID is missing" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show 
$valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_006pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_006crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_006crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_006pkcs10.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_006crmf.pem" + errmsg="Error: No User ID specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add u1"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_009crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+
rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Registration Manager Agents' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0014: Add cert to a user of type 'Registration Manager Agents'" + local userid="Registration_Manager_Agent_user" + local userFullname="Registration Manager Agent User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert 
\ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" 
"$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + 
rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Subsystem Group' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'" + local userid="Subsystem_group_user" + local userFullname="Subsystem Group User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT 
cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + 
rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out 2>&1" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate 
\"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Security Domain Administrators' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0016: Add cert to a user of type 'Security Domain Administrators'" + local userid="Security_Domain_Administrators_user" + local userFullname="Security Domain Administrators User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + 
target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" 
"$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + 
rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'ClonedSubsystems' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'" + local userid="ClonedSubsystems_user" + local userFullname="ClonedSubsystems User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT 
cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + 
rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate 
\"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Trusted Managers' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0018: Add cert to a user of type 'Trusted Managers'" + local userid="Trusted_Managers_user" + local userFullname="Trusted Managers User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR 
cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Issuer: 
$ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate 
\"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+ rlPhaseEnd
+
+##### Usability Tests #####
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add Administrators admin_user > $TmpDir/pki-ocsp-user-add-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ 
ocsp-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add Administrators admin_user1 > $TmpDir/pki-ocsp-user-add-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local 
valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ 
rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_ocsp_user_cert_add_useradd_0019.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 
2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-del Administrators admin_user1"
+
+ rlRun "pki -d 
$CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del new_test_user2"
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid agent user #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-OCSP-0020: Adding a cert as a OCSP agent user should fail"
+ local userid="new_user1"
+ local userFullname="New User1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ 
local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0021pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0021crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0021pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid OCSP agent user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0021crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as 
a valid OCSP agent user"
+
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid auditor user #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0021: Adding a cert as valid OCSP auditor user should fail"
+ local userid="new_user2"
+ local userFullname="New User2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0022pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep 
cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0022crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0022pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a OCSP auditor user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0022crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as "
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as an admin user with expired cert #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0022: Adding a cert as OCSP_adminE should fail"
+ local userid="new_user3"
+ local userFullname="New User3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: 
subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ 
command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD 
request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) 
-c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki 
-h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired 
cert #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep 
decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" 
$userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $OCSP_HOST -p $OCSP_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $OCSP_HOST -p $OCSP_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0027crmf.out > 
$TmpDir/pki_ocsp_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_adminUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as OCSP_agentUTCA #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0027: Adding a cert as OCSP_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization:
country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_agentUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0028crmf.pem"
+
errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user OCSP_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an OCSP_operatorV #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0028: Adding a cert as OCSP_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
$TmpDir/pki_ocsp_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add
--fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0030crmf.out >
$TmpDir/pki_ocsp_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0031pkcs10.out" 0
"Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2
subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2"
"$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid
--serial=$valid_pkcs10_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid
--serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB
tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+
rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Serial Number:
$valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+ rlPhaseEnd
+
+#### Add one cert to a user with both --serial and --input options ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0033: Add one cert to a user with --serial and --input options should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
$TmpDir/pki_ocsp_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d
$CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0035: Add one cert to a user with missing argument for --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST
\ + -p $OCSP_PORT \ + ocsp-user-del $userid" +rlPhaseEnd +#rlPhaseStartTest "pki_ca_user_cli_ocsp_user_cert-add-0038: client cert authentication using cross certification" +# local userid="new_adminV" +# local username="NEW CA Admin User" +# cat /etc/redhat-release | grep "Fedora" +# if [ $? -eq 0 ] ; then +# FLAVOR="Fedora" +# rlLog "Automation is running against Fedora" +# else +# FLAVOR="RHEL" +# rlLog "Automation is running against RHEL" +# fi +# rhcs_install_set_ldap_vars +# rlRun "mkdir $NEWCA_CLIENT_DIR" +# rlRun "mkdir $NEWCA_CERTDB_DIR" +# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME" +# rlRun "sleep 10" +# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG +# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG 
+# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG
+# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS"
+# rlRun "sleep 10"
+# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT ocsp-user-add --fullName=\"$username\" $userid"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ocsp-user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+#
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ocsp-group-member-add Administrators $userid > $TmpDir/pki-ocsp-user-add-newca-group001.out 2>&1" \
+# 0 \
+# "Add user $userid to Administrators group"
+#
+# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_ocsp_user_cert_add-CA_validcert_0038pkcs10.pem"
+
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ca-user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_ocsp-user-cert-add-newca.out 2>&1" \
+# 0 \
+# "Added cert to user $userid"
+
+# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_ocsp_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_ocsp_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+
+# rlRun "systemctl restart pki-tomcatd@pki-new.service"
+# rlRun "sleep 10"
+# rlRun "systemctl restart pki-tomcatd@pki-master.service"
+# rlRun "sleep 10"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n $userid \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ocsp-user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+
+# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\""
+
+# rlRun "pkidestroy -s CA -i pki-new"
+# rlRun "sleep 10"
+# rlRun "remove-ds.pl -f -i slapd-pki-newca"
+# rlRun "sleep 10"
+# rlRun "rm -rf $NEWCA_CLIENT_DIR"
+# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-delete.sh
new file mode 100755
index 000000000..43255dfd3
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-delete.sh
@@ -0,0 +1,842 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-cert-delete Delete the certs assigned to users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-cert-delete.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-ocsp-user-cli-ocsp-user-cert-delete_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_ocsp_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Tests to delete certs assigned to OCSP users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-002-tier1: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_ocsp_user_cert_del_002pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_ocsp_user_cert_del_002pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_ocsp_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_ocsp_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-003: pki ocsp-user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-004: pki ocsp-user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-005: pki ocsp-user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-006-tier1: pki ocsp-user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-007-tier1: pki ocsp-user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_agentV #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-008: Delete certs assigned to a user - as OCSP_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-ocsp-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_auditorV #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-009: Delete certs assigned to a user - as OCSP_auditorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid auditor cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_adminE #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0010: Delete certs assigned to a user - as OCSP_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_agentE #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0011: Delete certs assigned to a user - as OCSP_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_adminR #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0012: Delete certs assigned to a user - as OCSP_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_agentR #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0013: Delete certs assigned to a user - as OCSP_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1
'2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using an untrusted cert" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using an untrusted cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_operatorV ##### + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-OCSP-0015: Delete certs assigned to a user - as OCSP_operatorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid operator cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c 
$CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid operator cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as a user not assigned to any role ##### + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0016: Delete certs assigned to a user - as a user not assigned to any role should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### 
Delete certs asigned to a user - switch positions of the required options ##### + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0017: Delete certs assigned to a user - switch positions of the required options" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if the required options are switched positions" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if the required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/969" + rlPhaseEnd + + ### Tests to delete certs assigned to OCSP users - i18n characters #### + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0019: Delete certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + 
target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > 
$TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0019crmf.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_pkcs10_0019.out" \ + 0 \ + "Cert is added to the user $user2" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_crmf_0019.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_ocsp_user_cert_del_0019pkcs10.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" 
"$TmpDir/pki_ocsp_ocsp_user_cert_del_0019pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_ocsp_user_cert_del_0019crmf.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_ocsp_user_cert_del_0019crmf.out" + rlPhaseEnd + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail ##### + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_cert-del-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add Administrators admin_user > $TmpDir/pki-ocsp-user-add-ocsp-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) 
\ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add Administrators admin_user1 > $TmpDir/pki-ocsp-user-add-ocsp-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local 
valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add admin_user --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_0020pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" 
"$TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_ocsp_user_cert_del_0020pkcs10.out" \ + 0 \ + "Delete cert assigned to admin_user" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_ocsp_user_cert_del_0020pkcs10.out" + + command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-add --fullName='New Test User6' new_test_user6" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_ocsp_ocsp_user_cert_del_useraddcert_0020crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user1" + rlRun "certutil -d 
$TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_ocsp_ocsp_user_cert_del_validcert_0020crmf.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user1" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_ocsp_ocsp_user_cert_del_useradd_0020crmf.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_ocsp_user_cert_del_0020crmf.out" \ + 0 \ + "Delete cert assigned to admin_user1" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_ocsp_user_cert_del_0020crmf.out" + + command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-add --fullName='New Test User6' new_test_user6" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user" 
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-find.sh
new file mode 100755
index 000000000..bff62e8d9
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-find.sh
@@ -0,0 +1,1073 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-user-cli +# Description: PKI ocsp-user-cert-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-ocsp-user-cli-ocsp-user-cert-find Finding the certs assigned to users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-ocsp-user-cert-find.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-ocsp-user-cli-ocsp-user-cert-find_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + +if [ "$ocsp_instance_created" = "TRUE" ] ; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +cert_info="$TmpDir/cert_info" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval 
${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME +ROOTCA_agent_user=${caId}_agentV +admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) + ##### Find certs assigned to a OCSP user - with userid argument - this user has only a single page of certs #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-002: Find the certs of a user in OCSP --userid only - single page of certs" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 2 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT 
cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_002crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_002pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add 
$user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 > $TmpDir/pki_ocsp_ocsp_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep
"Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-003: Find the certs of a user in OCSP --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+
local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+
ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user2 > $TmpDir/pki_ocsp_ocsp_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}"
"$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_ocsp_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-004: Find the certs of a user in OCSP --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-005:
Find the certs of a user in OCSP --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user3 > $TmpDir/pki_ocsp_ocsp_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-006: Find the certs of a user in OCSP --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --size=2 > $TmpDir/pki_ocsp_ocsp_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Version: 2"
"$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=0 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-007: Find the certs of a user in OCSP --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --size=0 > $TmpDir/pki_ocsp_ocsp_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_007.out"
+ rlAssertGrep
"Number of entries returned 0" "$TmpDir/pki_ocsp_ocsp_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=-1 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-008: Find the certs of a user in OCSP --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-009: Find the certs of a user in OCSP --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --size=50 > $TmpDir/pki_ocsp_ocsp_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US"
"$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-010: Find the certs of a user in OCSP --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=2 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-011: Find the certs of a user in OCSP --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=0 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Subject:
UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-012: Find the certs of a user in OCSP --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user2 --start=0 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+
rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=-1 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_ocsp_user_cert-find-013: Find the certs of a user in OCSP --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=50 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-014: Find the certs of a user in OCSP --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=50 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0014.out"
+
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-015: Find the certs of a user in OCSP --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-016: Find the certs of a user in OCSP --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\"
cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog
"pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $newuserid --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $newuserid --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $newuserid --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $newuserid --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-find $newuserid > $TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID:
2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-017: Find the certs of a user in OCSP --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT
ocsp-user-cert-find $user1 --start=-1 --size=-1" + errmsg="The value for size and start should be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=20 and size=20 #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-018: Find the certs of a user in OCSP --start --size equal to page size - default page size=20 entries" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 --start=20 --size=20" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + i=10 + while [ $i -lt 12 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" 
"$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0018.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=0 and --size has an argument greater that default page size (20 certs) #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-019: Find the certs of a user in OCSP --start=0 --size greater than default page size - default page size=20 entries" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 --start=0 --size=20" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 
2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0019.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=1 and --start has a value greater than the default page size #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-020: Find the certs of a user in OCSP --start - values greater than default page size --size=1" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 
--start=22 --size=1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" + i=11 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0020.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-021: Find the certs of a user in OCSP --start - values greater than default page size --size - value greater than the available number of certs from the start value" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user2 --start=22 --size=10" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + 
ocsp-user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + i=11 + while [ $i -lt 12 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0021.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Tests to find certs assigned to OCSP users - i18n characters #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-022: Find certs assigned to user - Subject Name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB 
tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0022pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END 
CERTIFICATE-----/p' $TmpDir/pki_ocsp_ocsp_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0022crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_ocsp_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \ + 0 \ + "Cert is added to the user $user1" + let numcertsuser1=$numcertsuser1+2 + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-find $user1 > $TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" \ + 0 \ + "Finding certs assigned to $user1" + + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + + rlAssertGrep "Cert ID: 
2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_ocsp_user_cert_find_0022.out" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a valid agent user #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-023: Find the certs of a user as OCSP_agentV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message ocsp-user-cert-find should fail when authenticated as a valid agent user" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a valid auditor user #### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-024: Find the certs of a user as OCSP_auditorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - 
ocsp-user-cert-find should fail when authenticated as a valid auditor user" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a admin user with expired cert ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-025: Find the certs of a user as OCSP_adminE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when authenticated as an admin user with an expired cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as an admin user with revoked cert ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-026: Find the certs of a user as OCSP_adminR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when authenticated as an admin user with a revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as an agent user with revoked cert ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-027: Find the certs of a user as OCSP_agentR should fail" + command="pki -d $CERTDB_DIR -n 
$(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when authenticated as an agent user with a revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as an agent user with expired cert ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-028: Find the certs of a user as OCSP_agentE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when authenticated as an agent user with an expired cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a user whose OCSP cert has not been trusted ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-029: Find the certs of a user as role_user_UTCA should fail" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when 
authenticated as an admin user with untrusted cert" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a valid operator user ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-030: Find the certs of a user as operatorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when authenticated as operatorV" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a user not associated with any role ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-031: Find the certs of a user as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail when authenticated as a user not assigned to any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - userid is missing ### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-032: Find the certs of a user - userid missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find" + errmsg="Error: No User ID specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-ocsp-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-find-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-show.sh
new file mode 100755
index 000000000..8fce6fecd
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-show.sh
@@ -0,0 +1,1062 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-user-cli +# Description: PKI ocsp-user-cert-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-ocsp-user-cli-ocsp-user-cert-show Show the certs assigned to users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-cert-show.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-ocsp-user-cli-ocsp-user-cert-show_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + +if [ "$ocsp_instance_created" = "TRUE" ] ; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +local cert_info="$TmpDir/cert_info" +eval 
${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + + ##### Tests to find certs assigned to OCSP users #### + + ##### Show certs asigned to a user - valid Cert ID and User ID ##### + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-002: Show certs assigned to a user - valid UserID and CertID" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"$user2fullname\" $user2" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + 
rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_002crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_002crmf.pem" + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_002.out" \ + 0 \ + "Cert is added to the user $user2" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" \ + 0 \ + "Show cert assigned to $user2" + + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_002crmf.out" \ + 0 \ + "Cert is added to the user $user2" + rlLog "Executing pki 
-d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-003: pki ocsp-user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c 
$CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-004: pki ocsp-user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT 
ocsp-user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-005: pki ocsp-user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an 
error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-006-tier1: pki ocsp-user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-007-tier1: pki ocsp-user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" 
"$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate 
\"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-009: pki ocsp-user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show 
'2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0010: pki ocsp-user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ 
$dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" \
+ 0 
\
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0012: pki ocsp-user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n 
$(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0013: pki ocsp-user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0014: pki ocsp-user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### 
Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0015: pki ocsp-user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ 
rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c 
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" 
"$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0017: pki ocsp-user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0018: pki ocsp-user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ 
certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0019crmf.out > 
$TmpDir/pki_ocsp_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_pkcs10_output0019 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" 
"$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo 
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_crmf_output0019 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" 
"$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_agentV #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0020: Show certs assigned to a user - as OCSP_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: 
Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_auditorV #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0021: Show certs assigned to a user - as OCSP_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error 
message - pki ocsp-user-cert-show should fail when authenticating with a valid auditor cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_adminE #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0022: Show certs assigned to a user - as OCSP_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_agentE #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0023: Show certs assigned to a user - as OCSP_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a 
day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_adminR #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0024: Show certs assigned to a user - as OCSP_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a revoked 
admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_agentR #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0025: Show certs assigned to a user - as OCSP_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP operator user #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0027: Show certs assigned to a user - as OCSP operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_pkcs10_output0028 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate 
\"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show 
$user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_crmf_output0028 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" 
"$TmpDir/ocsp_user_cert_show_crmf_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0028"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as a user not associated with any role#####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0029: Show certs assigned to a user - as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show shouls fail when authenticating with an user not associated with any role"
+
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show shouls fail when authenticating with an user not associated with any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Show certs asigned 
to a user - switch position of the required options#####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0030: Show certs assigned to a user - switch position of the required options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2"
+ errmsg="User Not Found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/968"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - incomplete Cert ID #####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-0031: pki ocsp-user-cert-show should fail if an incomplete Cert ID is provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-show should fail when an incomplete Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error 
message - pki ocsp-user-cert-show should fail when an incomplete Cert ID is provided"
+ rlPhaseEnd
+
+ ### Tests to show certs assigned to OCSP users - i18n characters ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-show-032: Show certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0032pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ 
local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0032crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_crmf_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan 
Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + + rlPhaseEnd + + #===Deleting users===# +rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun 
"popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "OCSP instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert.sh new file mode 100755 index 000000000..33c62fa4e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert.sh 
@@ -0,0 +1,99 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-cert CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki ocsp-user-cert cli commands needs to be tested:
+# pki-ocsp-user-cert
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+# pki ocsp-user-cert ran without any options should show all the command line options of pki cert
+run_pki-ocsp-user-cert()
+{
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+
+ rlPhaseStartSetup "Create Temporary Directory "
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-001: pki ocsp-user-cert help option"
+ local temp_out="$TmpDir/pki_user-cert"
+ rlLog "Executing pki ocsp-user-cert --help"
+ rlRun "pki ocsp-user-cert --help 1> $temp_out" 0 "pki ocsp-user-cert --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep "ocsp-user-cert-find Find user certificates" "$temp_out"
+ rlAssertGrep "ocsp-user-cert-show Show user certificate" "$temp_out"
+ rlAssertGrep "ocsp-user-cert-add Add user certificate" "$temp_out"
+ rlAssertGrep "ocsp-user-cert-del Remove user certificate" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-002: pki ocsp-user-cert with junk characters should return invalid module"
+ local temp_out1="$TmpDir/pki_ocsp-user-cert001"
+ local rand=`cat /dev/urandom | tr -dc 'a-zA-Z0-9*?$@#!%^&*()' | fold -w 40 | head -n 1`
+ rlLog "Executing pki ocsp-user-cert \"$rand\" characters"
+ rlRun "pki ocsp-user-cert \"$rand\" 2> $temp_out1" 255 "Command pki ocsp-user-cert with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki user-cert cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-del.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-del.sh
new file mode 100755
index 000000000..b5efb3700
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-del.sh
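Review bot: In test -002 the value of `rand` is drawn from a set that includes `$`, `(`, `)`, `*`, `?` and `&`, and it is then placed inside escaped double quotes in the string passed to `rlRun`, which evaluates that string again (the same file relies on this for `TmpDir=\`mktemp -d\``). On that second pass sequences such as `$$`, `$#` or `$(` are expanded instead of being passed literally, so the argument pki actually receives differs from the logged one and the test outcome depends on which characters happen to be drawn. The set contains no single quote, so single-quoting keeps the value literal: `rlRun "pki ocsp-user-cert '$rand' 2> $temp_out1" 255 "Command pki ocsp-user-cert with junk characters"`. The `$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)` lookups at the top of the function have the same re-evaluation shape and could use indirect expansion instead, e.g. `v=${subsystemId}_ADMIN_CERT_LOCATION; ADMIN_CERT_LOCATION=${!v}`, so the positional argument is never parsed as code.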
@@ -0,0 +1,694 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli +# Description: PKI ocsp-user-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-ocsp-user-cli-ocsp-user-del Delete pki subsystem OCSP users. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-del.sh +######################################################################## + +run_pki-ocsp-user-cli-ocsp-user-del_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + if [ "$ocsp_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-configtest-001: pki ocsp-user-del --help configuration test" + rlRun "pki ocsp-user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki ocsp-user-del --help" + rlAssertGrep "usage: ocsp-user-del <User ID>" "$TmpDir/user_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-configtest-002: pki ocsp-user-del configuration test" + rlRun "pki ocsp-user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki ocsp-user-del" + rlAssertGrep "usage: ocsp-user-del <User ID>" "$TmpDir/user_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" 
"$TmpDir/user_del_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-003: Delete valid users" + user1=ca_agent2 + user1fullname="Test ca_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + #positive test cases + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test_user u$i" + let i=$i+1 + done + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del u$i > $TmpDir/pki-ocsp-user-del-user1-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-user1-00$i.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u$i" + errmsg="UserNotFoundException: User u$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let i=$i+1 + done + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval usr=\$user$i + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test_user $usr" + let i=$i+1 + done + + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + 
ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-user2-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-user2-00$j.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show $usr" + errmsg="UserNotFoundException: User $usr not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-004: Case sensitive userid" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test_user user_abc" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del USER_ABC > $TmpDir/pki-ocsp-user-del-user-002_1.out" \ + 0 \ + "Deleted user USER_ABC userid is not case sensitive" + rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-ocsp-user-del-user-002_1.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show user_abc" + errmsg="UserNotFoundException: User user_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-005: Delete user when required option user id is missing" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del > $TmpDir/pki-ocsp-user-del-user-003_1.out 2>&1" \ + 255 \ + "Cannot delete a user without 
userid" + rlAssertGrep "usage: ocsp-user-del <User ID>" "$TmpDir/pki-ocsp-user-del-user-003_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-006: Maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test \"$user2\" > $TmpDir/pki-ocsp-user-add-ocsp-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del \"$user2\" > $TmpDir/pki-ocsp-user-del-user-006.out" \ + 0 \ + "Deleting user with maximum user id length using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-ocsp-user-del-user-006.out | grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user \"$user2\" found" + else + rlFail "Deleted user \"$user2\" not found" + fi + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show \"$user2\"" + errmsg="UserNotFoundException: User \"$user2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-007: userid with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + userid=$userid$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test '$userid' > $TmpDir/pki-ocsp-user-add-ocsp-001_8.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum userid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del '$userid' > $TmpDir/pki-ocsp-user-del-user-007.out" \ + 0 \ + "Deleting user with maximum user id length and character symbols using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-ocsp-user-del-user-007.out| grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $userid" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user $userid found" + else + rlFail "Deleted user $userid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show '$userid' > $TmpDir/pki-ocsp-user-del-user-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted user with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-ocsp-user-del-user-007_2.out| grep 'UserNotFoundException:' | xargs echo` + expected_error_string="UserNotFoundException: User $userid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "UserNotFoundException: User $userid not found message found" + else + rlFail "UserNotFoundException: User $userid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-008: delete user that has all attributes and a certificate" + user1="testuser1" + user1fullname="Test ocsp_agent" + email="ocsp_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + pem_file="$TmpDir/testuser1.pem" + rlRun "pki -d 
$CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + $user1 > $TmpDir/pki-ocsp-user-add-ocsp-008.out" \ + 0 \ + "Add user $user1 to OCSP -- all options provided" + #Add certificate to the user + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \ + \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber 
--output" + rlLog "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-cert-add $user1 --input $pem_file" + rlRun "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \ + 0 \ + "Cert is added to the user $user1" + #Add user to Administrator's group + gid="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add $user1 \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-008.out" \ + 0 \ + "Adding user $user1 to group \"$gid\"" + #Delete user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del $user1 > $TmpDir/pki-ocsp-user-del-user-008.out" \ + 0 \ + "Deleting user $user1 with all attributes and a certificate" + rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-ocsp-user-del-user-008.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show $user1" + errmsg="UserNotFoundException: User $user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-009: Delete user from CA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"u22fullname\" u22 > 
$TmpDir/pki-ocsp-user-add-ocsp-009.out" \ + 0 \ + "Add user u22 to CA" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + ocsp-user-del u22 > $TmpDir/pki-ocsp-user-del-user-009.out" \ + 0 \ + "Deleting user u22 using -t ocsp option" + rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-ocsp-user-del-user-009.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u22" + errmsg="UserNotFoundException: User u22 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-010: Should not be able to delete user using a revoked cert OCSP_adminR" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-ocsp-user-add-ocsp-010.out" \ + 0 \ + "Add user u23 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u23 > $TmpDir/pki-ocsp-user-show-ocsp-001.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-ocsp-user-show-ocsp-001.out" + rlAssertGrep "User ID: u23" 
"$TmpDir/pki-ocsp-user-show-ocsp-001.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-ocsp-user-show-ocsp-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-011: Should not be able to delete user using a agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u23 > $TmpDir/pki-ocsp-user-show-ocsp-002.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-ocsp-user-show-ocsp-002.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-ocsp-user-show-ocsp-002.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-ocsp-user-show-ocsp-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + + #Cleanup:delete user u23 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del u23 > $TmpDir/pki-ocsp-user-del-002_2.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-012: Should not be able to delete user using a valid agent OCSP_agentV user" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n 
${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-ocsp-user-add-ocsp-012.out" \ + 0 \ + "Add user u24 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-003.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-003.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-003.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-013: Should not be able to delete user using a admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + #Make sure user is not deleted + rlRun "pki -d 
$CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-004.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-004.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-004.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-014: Should not be able to delete a user using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24" + errmsg="ClientResponseFailure: Error status 401 Unauthorized returned" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-005.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-005.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-005.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-015: Should not be able to delete user using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24" 
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-016: Should not be able to delete user using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-ocsp-user-del-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-del-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-ocsp-009.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-ocsp-009.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-ocsp-009.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-ocsp-user-show-ocsp-009.out"
+
+ #Cleanup:delete user u24
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u24 > $TmpDir/pki-ocsp-user-del-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-019: delete user name with i18n characters"
+ rlLog "ocsp-user-add username ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-ocsp-user-add-ocsp-001_19.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-ocsp-user-add-ocsp-001_19.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-ocsp-user-add-ocsp-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u19 > $TmpDir/pki-ocsp-user-del-001_19_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÖrjanÄke i18n characters"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-ocsp-user-del-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u19"
+ errmsg="UserNotFoundException: User u19 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_del-020: delete username with i18n characters"
+ rlLog "ocsp-user-add username ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-ocsp-user-add-ocsp-001_20.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-ocsp-user-add-ocsp-001_20.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-ocsp-user-add-ocsp-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u20 > $TmpDir/pki-ocsp-user-del-001_20_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÉricTêko i18n characters"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-ocsp-user-del-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u20"
+ errmsg="UserNotFoundException: User u20 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_ocsp_user_cli_ocsp_user_del_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-find.sh
new file mode 100755
index 000000000..a533a71fa
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-find.sh
@@ -0,0 +1,750 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-find To list users in OCSP.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-find.sh
+########################################################################
+
+run_pki-ocsp-user-cli-ocsp-user-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ user1=ocsp_agent2
+ user1fullname="Test ocsp_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
+ rlPhaseStartSetup "pki_ocsp_user_cli_ocsp_user_find-startup-addusers: Add users"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-configtest-001: pki ocsp-user-find --help configuration test"
+ rlRun "pki ocsp-user-find --help > $TmpDir/ocsp_user_find.out 2>&1" 0 "pki ocsp-user-find --help"
+ rlAssertGrep "usage: ocsp-user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/ocsp_user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/ocsp_user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/ocsp_user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/ocsp_user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/ocsp_user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-configtest-002: pki ocsp-user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-find > $TmpDir/ocsp_user_find_2.out 2>&1" 255 "pki ocsp-user-find"
+ rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/ocsp_user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-003: Find 5 users, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-ocsp-user-find-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-004: Find non user, --size=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=0 > $TmpDir/pki-ocsp-ocsp-user-find-002.out 2>&1" \
+ 0 \
+ "Found no users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-ocsp-user-find-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-005: Find all users, large value as input"
+ large_num=1000000
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=$large_num > $TmpDir/pki-ocsp-ocsp-user-find-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-ocsp-ocsp-user-find-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=$maximum_check > $TmpDir/pki-ocsp-ocsp-user-find-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-ocsp-ocsp-user-find-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=$maximum_check > $TmpDir/pki-ocsp-ocsp-user-find-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-ocsp-ocsp-user-find-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=-1 > $TmpDir/pki-ocsp-ocsp-user-find-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-ocsp-user-find-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-009: Find users for size input as noninteger, --size=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size=$size_noninteger > $TmpDir/pki-ocsp-ocsp-user-find-005.out 2>&1" \
+ 255 \
+ "No users returned"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-ocsp-ocsp-user-find-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-010: Find users, check for no input --size="
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --size= > $TmpDir/pki-ocsp-ocsp-user-find-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-ocsp-ocsp-user-find-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find > $TmpDir/pki-ocsp-ocsp-user-find-007_1.out 2>&1" \
+ 0 \
+ "Get all users in OCSP"
+ user_entry_10=`cat $TmpDir/pki-ocsp-ocsp-user-find-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=10 > $TmpDir/pki-ocsp-ocsp-user-find-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat $TmpDir/pki-ocsp-ocsp-user-find-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-ocsp-user-find-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-012: Find users, --start=10000, large possible input"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=10000 > $TmpDir/pki-ocsp-ocsp-user-find-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-ocsp-user-find-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=$maximum_check > $TmpDir/pki-ocsp-ocsp-user-find-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-ocsp-user-find-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=$maximum_check > $TmpDir/pki-ocsp-ocsp-user-find-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-ocsp-ocsp-user-find-008_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=0 > $TmpDir/pki-ocsp-ocsp-user-find-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-ocsp-user-find-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=-1 > $TmpDir/pki-ocsp-ocsp-user-find-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-ocsp-ocsp-user-find-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-017: Find users for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=$size_noninteger > $TmpDir/pki-ocsp-ocsp-user-find-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-ocsp-ocsp-user-find-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start= > $TmpDir/pki-ocsp-ocsp-user-find-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-ocsp-ocsp-user-find-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find > $TmpDir/pki-ocsp-ocsp-user-find-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in OCSP"
+ user_entry_12=`cat $TmpDir/pki-ocsp-ocsp-user-find-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=12 --size=12 > $TmpDir/pki-ocsp-ocsp-user-find-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-ocsp-ocsp-user-find-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-ocsp-ocsp-user-find-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find > $TmpDir/pki-ocsp-ocsp-user-find-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in OCSP"
+ user_entry_12=`cat $TmpDir/pki-ocsp-ocsp-user-find-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=12 --size=0 > $TmpDir/pki-ocsp-ocsp-user-find-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-ocsp-user-find-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-021: Should not be able to find user using a revoked cert OCSP_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-022: Should not be able to find users using an agent with revoked cert OCSP_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-023: Should not be able to find users using a valid agent OCSP_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-ocsp-user-find-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-025: Should not be able to find users using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-ocsp-user-find-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-026: Should not be able to find users using OCSP_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-ocsp-user-find-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-027: Should not be able to find users using a OCSP_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-ocsp-user-find-auditV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-028: Should not be able to find users using a OCSP_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-ocsp-user-find-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ ocsp-user-find --start=1 --size=5 > $TmpDir/pki-ocsp-ocsp-user-find-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ ocsp-user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password ocsp-user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)?
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-ocsp-ocsp-user-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-ocsp-user-find-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-031: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + rlLog "ocsp-user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-ocsp-ocsp-user-find-001_31.out 2>&1" \ + 0 \ + "Adding fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-find --size=$maximum_check " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-find --size=$maximum_check > $TmpDir/pki-ocsp-user-show-ocsp-001_31_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u25" "$TmpDir/pki-ocsp-user-show-ocsp-001_31_2.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-ocsp-user-show-ocsp-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_find-032: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + 
maximum_check=${maximum_check:1:5} + rlLog "ocsp-user-add user fullname ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u26 > $TmpDir/pki-ocsp-user-show-ocsp-001_32.out 2>&1" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-find --size=$maximum_check > $TmpDir/pki-ocsp-user-show-ocsp-001_32_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u26" "$TmpDir/pki-ocsp-user-show-ocsp-001_32_2.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-ocsp-user-show-ocsp-001_32_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup-021: Deleting users" + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 27 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del u$i > $TmpDir/pki-ocsp-ocsp-user-del-ocsp-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-ocsp-user-del-ocsp-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del $usr > $TmpDir/pki-ocsp-ocsp-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user 
$usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-add.sh
new file mode 100755
index 000000000..7abd6b247
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-add.sh
@@ -0,0 +1,797 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI user-cli-ocsp-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-membership-add Add OCSP user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-membership-add.sh
+######################################################################################
+
+########################################################################
+run_pki-ocsp-user-cli-ocsp-user-membership-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-002: pki ocsp-user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership > $TmpDir/pki_ocsp_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_ocsp_user_membership_cfg.out"
+ rlAssertGrep "ocsp-user-membership-find Find user memberships" "$TmpDir/pki_ocsp_user_membership_cfg.out"
+ rlAssertGrep "ocsp-user-membership-add Add user membership" "$TmpDir/pki_ocsp_user_membership_cfg.out"
+ rlAssertGrep "ocsp-user-membership-del Remove user membership" "$TmpDir/pki_ocsp_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-003: pki ocsp-user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-add --help > $TmpDir/pki_ocsp_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-user-membership-add --help"
+ rlAssertGrep "usage: ocsp-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_ocsp_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-004: pki ocsp-user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-add > $TmpDir/pki_ocsp_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki ocsp-user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified."
"$TmpDir/pki_ocsp_user_membership_add_2_cfg.out" + rlAssertGrep "usage: ocsp-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_ocsp_user_membership_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_membership_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-005: Add users to available groups using valid admin user OCSP_adminV" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-user-membership-add-user-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-user-membership-add-user-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-user-membership-add-user-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-user-membership-add-user-add-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u$i > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-00$i.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ 
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u$i \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u$i > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-006: Add a user to all available groups using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-user-membership-add-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-user-membership-add-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-user-membership-add-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-user-membership-add-user-add-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + 
ocsp-user-show userall > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-userall-001.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add userall \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-007: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ 
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-ocsp-user-membership-add-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-ocsp-user-membership-add-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-user-membership-add-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-user-membership-add-user-add-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show user1 > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-user1-001.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add user1 \"Administrators\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-user1-001.out" \ + 0 \ + "Adding user userall to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD ocsp-user-membership-add user1 \"Administrators\"" + rlLog "Executing: $command" + errmsg="ConflictingOperationException: Attribute or value exists." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-ocsp-user-membership-add-user-add-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD ocsp-user-membership-add testuser1 \"$dummy_group\"" + rlLog "Executing: $command" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-009: Should be able to ocsp-user-membership-add user name with i18n characters" + rlLog "ocsp-user-add user fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='ÖrjanÄke' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='ÖrjanÄke' u9" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlLog "Adding the user to the Adminstrators group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c 
$CERTDB_DIR_PASSWORD ocsp-user-membership-add u9 \"Administrators\"" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-ocsp-user-membership-add-groupadd-009_2.out" \ + 0 \ + "Adding user with fullname ÖrjanÄke to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-009_2.out" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-ocsp-user-membership-add-groupadd-009_2.out" + rlLog "Check if the user is added to the group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD ocsp-user-membership-find u9" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-009_3.out" \ + 0 \ + "Check user with fullname ÖrjanÄke added to group Administrators" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-009_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-010: Should be able to ocsp-user-membership-add user to group id with i18n characters" + rlLog "ocsp-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > 
$TmpDir/pki-ocsp-user-membership-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-user-membership-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u10 > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-010_3.out" \ + 0 \ + "Check user ÉricTêko added to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-011: Should not be able to ocsp-user-membership-add using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminR -c $CERTDB_DIR_PASSWORD ocsp-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using a revoked cert OCSP_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-012: Should not be able to ocsp-user-membership-add using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD ocsp-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using an agent with revoked cert OCSP_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-013: Should not be able to ocsp-user-membership-add using admin user with expired cert OCSP_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminE -c $CERTDB_DIR_PASSWORD ocsp-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using admin user with expired cert OCSP_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + 
rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-014: Should not be able to ocsp-user-membership-add using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using OCSP_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-015: Should not be able to ocsp-user-membership-add using OCSP_auditV cert" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD ocsp-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using OCSP_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-016: Should not be able to ocsp-user-membership-add using OCSP_operatorV cert" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using OCSP_operatorV cert" + rlPhaseEnd + + 
rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-017: Should not be able to ocsp-user-membership-add using OCSP_admin_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-add using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+
+ #Usability tests
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-018: User associated with Administrators group only can create a new user"
+ local user2="testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-ocsp-user-membership-add-user-add-user2-018.out" \
+ 0 \
+ "Adding user $user2"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "$gid"
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding $user2 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user2 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user2 \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-$user2-00$i.out" \
+ 0 \
+ "Adding user to all groups except administrators group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-$user2-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-$user2-00$i.out"
+ fi
+ let i=$i+1
+ done
+ rlLog "Check users group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-find $user2 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-$user2-019.out" \
+ 0 \
+ "Find ocsp-user-membership to groups of $user2"
+ rlAssertGrep "7 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlAssertNotGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ rlLog "$user2 is not added to $gid"
+ else
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \
+ \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $OCSP_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${OCSP_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ #Trying to add a user using $user2 should fail since $user2 is not in Administrators group
+ local expfile="$TmpDir/expfile_$user2.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-ocsp-user-add-$user2-002.out" 255 "Should not be able to add users using a non Administrator user"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-ocsp-user-add-$user2-002.out"
+
+ #Add $user2 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-usertest2-019_2.out" \
+ 0 \
+ "Adding user $user2 to group \"$groupid4\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-usertest2-019_2.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-ocsp-user-membership-add-groupadd-usertest2-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-find $user2 > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-usertest1-019_3.out" \
+ 0 \
+ "Check ocsp-user-membership to group \"$groupid4\""
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-usertest1-019_3.out"
+
+ #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n $user2 \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test_user u19 > $TmpDir/pki-ocsp-user-add-019_4.out" \
+ 0 \
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-ocsp-user-add-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-ocsp-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-ocsp-user-add-019_4.out"
+ rlPhaseEnd
+
+ #Usability test
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-019: User associated with Certificate Manager Agents group only can list CAs"
+ local user3="testuser3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullName_user3\" $user3 > $TmpDir/pki-ocsp-user-membership-add-user-add-user3-019.out" \
+ 0 \
+ "Adding user $user3"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user3 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user3 \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-$user3-00$i.out" \
+ 0 \
+ "Adding user to all groups except Data Recovery Manager Agents group - now adding to \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-$user3-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-$user3-00$i.out"
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User3\" \"$user3\" \
+ \"$user3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $OCSP_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user3 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_020_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${OCSP_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-cert-add $user3 --input $TmpDir/validcert_020_1.pem > $TmpDir/useraddcert_020_2.out" \
+ 0 \
+ "Cert is added to the user $user3"
+
+ rlLog "Check $user3 is not in group Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-find $user3 > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-usertest3-020_1.out" \
+ 0 \
+ "Check ocsp-user-membership to group \"$groupid1\""
+ rlAssertNotGrep "Group: $groupid1" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-usertest3-020_1.out"
+
+ #Trying to perform List CAs using $user3's cert should fail
+ local request_header_out="$TmpDir/request_header_out"
+ rlRun "export SSL_DIR=$TmpDir"
+ command="curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\""
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Trying to perform List CAs using $user3's cert should fail"
+
+ #Add user $user3 to Certificate Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-usertest3-020_3.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-usertest3-020_3.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-ocsp-user-membership-add-groupadd-usertest3-020_3.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-find $user3 > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-usertest3-020_4.out" \
+ 0 \
+ "Check ocsp-user-membership to group \"$groupid1\""
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-usertest3-020_4.out"
+
+ #Trying to perform List CAs using $user3's cert should succeed
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out"
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs"
+ rlAssertGrep "HTTP/1.1 200 OK" "$request_header_out"
+ rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-add-020: Should not be able to add ocsp-user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ocsp-user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add ocsp-user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_ocsp_user_cli_ocsp_user_membership-add-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u$i > $TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del userall > $TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del user1 > $TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u19 > $TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-ocsp-user-del-ocsp-ocsp-user-membership-add-user-del-ocsp-u19-001.out"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del testuser$i > $TmpDir/pki-ocsp-user-membership-add-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-ocsp-user-membership-add-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-del.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-del.sh
new file mode 100755
index 000000000..6b3bc1078
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-del.sh
@@ -0,0 +1,822 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-membership-del OCSP CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-membership-add-ocsp.sh
+######################################################################################
+
+run_pki-ocsp-user-cli-ocsp-user-membership-del_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Available groups ocsp-group-find
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-002: pki ocsp-user-membership-del --help configuration test"
+ rlRun "pki ocsp-user-membership-del --help > $TmpDir/pki_ocsp_user_membership_del_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-user-membership-del --help"
+ rlAssertGrep "usage: ocsp-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_ocsp_user_membership_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_membership_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-003: pki ocsp-user-membership-del configuration test"
+ rlRun "pki ocsp-user-membership-del > $TmpDir/pki_ocsp_user_membership_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki ocsp-user-membership-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_ocsp_user_membership_del_2_cfg.out"
+ rlAssertGrep "usage: ocsp-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_ocsp_user_membership_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_membership_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-004: Delete ocsp-user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u$i > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-ocsp-00$i.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-show-ocsp-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add u$i \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-find u$i > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del u$i \"$gid\" > $TmpDir/pki-ocsp-user-membership-del-groupdel-del-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-ocsp-user-membership-del-groupdel-del-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-005: Delete ocsp-user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add userall \"$gid\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-find userall > $TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-userall-00$i.out" \
+ 0 \
+ "Check user membership with group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-add-groupadd-find-ocsp-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del userall \"$gid\" > $TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-006: Missing required option <Group id> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add user1 \"Administrators\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del user1 > $TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-user1-001.out 2>&1" \
+ 255 \
+ "Cannot delete user from group, Missing required option <Group id>"
+ rlAssertGrep "usage: ocsp-user-membership-del <User ID> <Group ID>" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-007: Missing required option <User ID> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-ocsp-user-membership-add-ocsp-user-add-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add user2 \"Administrators\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del \"\" \"Administrators\" > $TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-user1-001.out 2>&1" \
+ 255 \
+ "cannot delete user from group, Missing required option <user id>"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-008: Should not be able to ocsp-user-membership-del using a revoked cert OCSP_adminR"
+ command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete ocsp-user-membership using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-009: Should not be able to ocsp-user-membership-del using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete ocsp-user-membership using a revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-010: Should not be able to ocsp-user-membership-del using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete ocsp-user-membership using a valid agent cert OCSP_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-011: Should not be able to ocsp-user-membership-del using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-del using admin user with expired cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-012: Should not be able to ocsp-user-membership-del using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-del using OCSP_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-013: Should not be able to ocsp-user-membership-del using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-del using OCSP_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-014: Should not be able to ocsp-user-membership-del using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-del using OCSP_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-015: Should not be able to ocsp-user-membership-del using OCSP_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-user-membership-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-016: Delete ocsp-user-membership for user fullname with i18n characters" + rlLog "ocsp-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u10 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-017_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-017_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-017_2.out" + rlLog "Delete ocsp-user-membership from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-user-membership-del-017_3.out" \ + 0 \ + "Delete ocsp-user-membership from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u10 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-017_4.out" \ + 0 \ + "Find ocsp-user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-ocsp-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-017: Delete ocsp-user-membership for user fullname with i18n characters" + rlLog "ocsp-user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-ocsp-user-add-ocsp-018.out 2>&1" \ + 0 \ + "Adding user full name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u11\"" 
"$TmpDir/pki-ocsp-user-add-ocsp-018.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-user-add-ocsp-018.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u11 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-018_2.out" \ + 0 \ + "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-018_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-del-groupadd-ocsp-018_2.out" + rlLog "Delete user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-user-membership-del-groupadd-del-018_3.out" \ + 0 \ + "Delete ocsp-user-membership from the group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-del-groupadd-del-018_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u11 > $TmpDir/pki-ocsp-user-membership-del-groupadd-del-018_4.out" \ + 0 \ + "Find ocsp-user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-user-membership-del-groupadd-del-018_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-018: Delete ocsp-user-membership when uid is not 
associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-ocsp-user-membership-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-ocsp-user-membership-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-ocsp-user-membership-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-ocsp-user-membership-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-del user123 \"Administrators\"" + rlLog "Executing $command" + errmsg="ResourceNotFoundException: No such attribute." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete ocsp-user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-ocsp-user-membership-del-user-del-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-ocsp-user-membership-del-user-del-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-user-membership-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-ocsp-user-membership-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add u12 \"$groupid4\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add u12 \"$groupid1\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-find Administrators > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-find \"$groupid1\" > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u12 > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-find $groupid4 > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_7.out" \
+ 0 \
+ "List members of $groupid4 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-member-find \"$groupid1\" > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-ocsp-user-membership-del-user-add-ocsp-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=test_user u9" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-ocsp-user-add-ocsp-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-ocsp-user-add-ocsp-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-user-add-ocsp-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-ocsp-user-add-ocsp-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-ocsp-user-membership-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-ocsp-user-membership-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_ocsp-user_cli_ocsp_user_membership-del-021: User deleted from the Data Recovery Manager Agents group can not list CAs"
+ local user3="testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-22.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-22.out"
+
+ #Trying to perform List CAs using $user3's cert should succeed
+ rlRun "export SSL_DIR=$TmpDir"
+ local request_header_out="$TmpDir/request_header_out"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out"
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs"
+ rlAssertGrep "HTTP/1.1 200 OK" "$request_header_out"
+ rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out"
+
+ #Delete $user3 from Online Certificate Status Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-membership-del $user3 \"$groupid1\" > $TmpDir/pki-ocsp-user-membership-del-groupdel-del-022_3.out" \
+ 0 \
+ "User deleted from group \"$groupid1\""
+ rlAssertGrep "Deleted membership in group \"$groupid1\"" "$TmpDir/pki-ocsp-user-membership-del-groupdel-del-022_3.out"
+
+
+ #Trying to perform List CAs using $user3's cert should fail
+ local request_header_out="$TmpDir/request_header_out"
+ rlRun "export SSL_DIR=$TmpDir"
+ command="curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\""
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Trying to perform List CAs using $user3's cert should fail"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_ocsp-user_cli_ocsp_user_membership-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 12 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del u$i > $TmpDir/pki-ocsp-user-del-user-membership-del-user-del-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-user-membership-del-user-del-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del userall > $TmpDir/pki-ocsp-user-del-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-ocsp-user-del-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del user1 > $TmpDir/pki-ocsp-user-del-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-ocsp-user-del-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del user2 > $TmpDir/pki-ocsp-user-del-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-ocsp-user-del-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del user123 > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del testuser1 > $TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-ocsp-user-del-user-membership-find-ocsp-user-del-testuser1.out"
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-user-del-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-del-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-find.sh
new file mode 100755
index 000000000..61501f833
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-find.sh
@@ -0,0 +1,722 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli +# Description: PKI user-cli-ocsp-user-membership-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-ocsp-user-cli-ocsp-user-membership-find Find OCSP user memberships. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-membership-find.sh +###################################################################################### + +run_pki-ocsp-user-cli-ocsp-user-membership-find_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + prefix=$subsystemId + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$ocsp_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Local variables + #Available groups ocsp-group-find + groupid1="Online Certificate Status Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise OCSP Administrators" + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-002: pki ocsp-user-membership-find --help configuration test" + rlRun "pki ocsp-user-membership-find --help > $TmpDir/pki_ocsp_user_membership_find_cfg.out 2>&1" \ + 0 \ + "pki ocsp-user-membership-find --help" + rlAssertGrep "usage: ocsp-user-membership-find <User ID> \[FILTER\] 
\[OPTIONS...\]" "$TmpDir/pki_ocsp_user_membership_find_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_membership_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_ocsp_user_membership_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_ocsp_user_membership_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-003: pki ocsp-user-membership-find configuration test" + rlRun "pki ocsp-user-membership-find > $TmpDir/pki_ocsp_user_membership_find_2_cfg.out 2>&1" \ + 255 \ + "pki ocsp-user-membership-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_ocsp_user_membership_find_2_cfg.out" + rlAssertGrep "usage: ocsp-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_ocsp_user_membership_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_membership_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_ocsp_user_membership_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_ocsp_user_membership_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-004: Find ocsp-user-membership when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-user-membership-find-user-find-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-user-membership-find-user-find-00$i.out" + rlAssertGrep "User ID: u$i" 
"$TmpDir/pki-ocsp-user-membership-find-user-find-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-user-membership-find-user-find-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u$i > $TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-00$i.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u$i \"$gid\" > $TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u$i > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-00$i.out" \ + 0 \ + "Find ocsp-user-membership with group \"$gid\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-00$i.out" 
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-00$i.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-005: Find ocsp-user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-user-membership-find-user-find-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-user-membership-find-user-find-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-user-membership-find-user-find-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-user-membership-find-user-find-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show userall > $TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-userall-001.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-user-membership-find-ocsp-user-show-ocsp-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n 
${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add userall \"$gid\" > $TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-userall-00$i.out" \ + 0 \ + "Find ocsp-user-membership to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-userall-00$i.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-006: Find ocsp-user-membership of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=5 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-001.out" + rlAssertGrep "Group: $groupid6" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-001.out" + rlAssertGrep "Group: $groupid7" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-001.out" + 
rlAssertGrep "Group: $groupid8" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 3" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-007: Find all ocsp-user-memberships of a user (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=0 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-002.out" \ + 0 \ + "Checking user-mambership to group " + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-008: Find ocsp-user-memberships when page start is negative (start=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=-1 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-003.out" \ + 0 \ + "Checking ocsp-user-membership to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-003.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-003.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-003.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_user_cli_ocsp_user_membership-find-009: Find ocsp-user-memberships when page start greater than available number of groups (start=9)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=9 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-004.out" \ + 0 \ + "Checking ocsp-user-membership to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-010: Should not be able to find ocsp-user-membership when page start is non integer" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD ocsp-user-membership-find userall --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-011: Find ocsp-user-memberships when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=0 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-006.out" 0 \ + "user_membership-find with size parameter as 0" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-006.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_user_cli_ocsp_user_membership-find-012: Find ocsp-user-memberships when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=1 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-007.out" 0 \ + "user_membership-find with size parameter as 1" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-007.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-013: Find ocsp-user-memberships when page size is 2 (size=2)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=2 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-008.out" 0 \ + "user_membership-find with size parameter as 2" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-008.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-008.out" + rlAssertGrep "Group: $groupid2" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-008.out" + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-014: Find ocsp-user-memberships when page size is 9 (size=9)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=9 > 
$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-009.out" 0 \ + "user_membership-find with size parameter as 9" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-015: Find ocsp-user-memberships when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=100 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0010.out" 0 \ + "user_membership-find with size parameter as 100" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-016: Find ocsp-user-memberships when page size is negative (size=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=-1 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0011.out" 0 \ + "user_membership-find with size parameter as -1" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0011.out" + rlAssertGrep 
"Number of entries returned 0" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-size-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-017: Should not be able to find ocsp-user-membership when page size is non integer" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-018: Find ocsp-user-membership with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=6 --size=5 > $TmpDir/pki-ocsp-user-membership-find-019.out" \ + 0 \ + "Find ocsp-user-membership with page start and page size option" + rlAssertGrep "8 entries matched" "$TmpDir/pki-ocsp-user-membership-find-019.out" + i=7 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-ocsp-user-membership-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-ocsp-user-membership-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-019: Find ocsp-user-membership with --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --size=$maximum_check > $TmpDir/pki-ocsp-user-membership-find-020.out 2>&1" \ + 255 \ + "Find ocsp-user-membership with --size more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-ocsp-user-membership-find-020.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-020: Find ocsp-user-membership with --start more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find userall --start=$maximum_check > $TmpDir/pki-ocsp-user-membership-find-021.out 2>&1" \ + 255 \ + "Find ocsp-user-membership with --start more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-ocsp-user-membership-find-021.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-021: Should not be able to ocsp-user-membership-find using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + 
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using a revoked cert OCSP_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-022: Should not be able to ocsp-user-membership-find using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using an agent with revoked cert OCSP_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-023: Should not be able to ocsp-user-membership-find using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using a valid agent OCSP_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-024: Should not be able to ocsp-user-membership-find using admin user with expired cert OCSP_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days 
ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using a expired admin OCSP_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-025: Should not be able to ocsp-user-membership-find using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using a expired agent OCSP_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-026: Should not be able to ocsp-user-membership-find using OCSP_auditV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find 
ocsp-user-membership using a valid auditor OCSP_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-027: Should not be able to ocsp-user-membership-find using OCSP_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using a valid operator OCSP_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-028: Should not be able to ocsp-user-membership-find using OCSP_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD ocsp-user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-user-membership using a untrusted role_user_UTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-029:Find ocsp-user-membership for user fullname with i18n characters" + rlLog "ocsp-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='Éric Têko' u9" \ + 0 \ + 
"Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-user-membership-add-groupadd-ocsp-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u9 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-031_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-031_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u9 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-031_3.out" \ + 0 \ + "Find ocsp-user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" 
"$TmpDir/pki-ocsp-user-membership-find-groupadd-find-031_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-030: Find ocsp-user-membership for user fullname with i18n characters" + rlLog "ocsp-user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-ocsp-user-add-ocsp-032.out 2>&1" \ + 0 \ + "Adding user fullname ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-ocsp-user-add-ocsp-032.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-user-add-ocsp-032.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u10 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-032_2.out" \ + 0 \ + "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-032_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-find-groupadd-ocsp-032_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-membership-find u10 > $TmpDir/pki-ocsp-user-membership-find-groupadd-find-032_3.out" \ + 0 \ + "Find ocsp-user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 
entries matched" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-user-membership-find-groupadd-find-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_membership-find-031: Find ocsp-user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-ocsp-user-membership-find-user-find-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-ocsp-user-membership-find-user-find-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-ocsp-user-membership-find-user-find-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-ocsp-user-membership-find-user-find-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ocsp-user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-ocsp-user-membership-find-user-find-033_2.out" 0 "Find ocsp-user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-user-membership-find-user-find-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_ocsp_user_cli_ocsp_user_membership-find-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+
ocsp-user-del u$i > $TmpDir/pki-ocsp-user-del-ocsp-user-membership-find-ocsp-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-membership-find-ocsp-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del userall > $TmpDir/pki-ocsp-user-del-ocsp-user-membership-find-ocsp-user-del-ocsp-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-membership-find-ocsp-user-del-ocsp-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del user123 > $TmpDir/pki-ocsp-user-del-ocsp-user-membership-find-ocsp-user-del-ocsp-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-membership-find-ocsp-user-del-ocsp-user123.out"
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-mod.sh
new file mode 100755
index 000000000..a931156ce
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-mod.sh 
@@ -0,0 +1,1080 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-mod Modify existing users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-ocsp-user-cli-ocsp-user-mod_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ OCSP_HOST=$(eval echo \$${MYROLE})
+ OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ user1=ocsp_user
+ user1fullname="Test ocsp user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc? 
+ user7=0
+ user1_mod_fullname="Test ocsp user modified"
+ user1_mod_email="testocspuser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-002: Modify a user's fullname in OCSP using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-ocsp-ocsp-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-ocsp-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-ocsp-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, 
password ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-003: Modify a user's email,phone,state,password in OCSP using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-ocsp-ocsp-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-ocsp-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-ocsp-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-ocsp-ocsp-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-ocsp-ocsp-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-ocsp-ocsp-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-ocsp-ocsp-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod 
--email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-ocsp-ocsp-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-ocsp-ocsp-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-ocsp-ocsp-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-ocsp-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-005:--email with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=\"$randsym\" u2 > $TmpDir/pki-ocsp-ocsp-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-ocsp-ocsp-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-ocsp-ocsp-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-ocsp-ocsp-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+
else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=# u3 > $TmpDir/pki-ocsp-ocsp-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-ocsp-ocsp-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-ocsp-ocsp-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-ocsp-ocsp-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=* u4 > $TmpDir/pki-ocsp-ocsp-user-mod-007.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character"
+
rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-ocsp-ocsp-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-ocsp-ocsp-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-ocsp-ocsp-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=$ u5 > $TmpDir/pki-ocsp-ocsp-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-ocsp-ocsp-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-ocsp-ocsp-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-ocsp-ocsp-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c 
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=0 u6 > $TmpDir/pki-ocsp-ocsp-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-ocsp-ocsp-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-ocsp-ocsp-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-ocsp-ocsp-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-ocsp-ocsp-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-ocsp-ocsp-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-ocsp-ocsp-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-ocsp-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-011:--state with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+
randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=\"$randsym\" u8 > $TmpDir/pki-ocsp-ocsp-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-ocsp-ocsp-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-ocsp-ocsp-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-ocsp-ocsp-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=# u9 > 
$TmpDir/pki-ocsp-ocsp-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-ocsp-ocsp-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-ocsp-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-ocsp-ocsp-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=* u10 > $TmpDir/pki-ocsp-ocsp-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-ocsp-ocsp-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-ocsp-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-ocsp-ocsp-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=$ u11 > $TmpDir/pki-ocsp-ocsp-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-ocsp-ocsp-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-ocsp-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-ocsp-ocsp-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --state=0 u12 > $TmpDir/pki-ocsp-ocsp-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-ocsp-ocsp-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-ocsp-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-ocsp-ocsp-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with characters and numbers ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo 
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-ocsp-ocsp-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-ocsp-ocsp-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-ocsp-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-ocsp-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-017:--phone with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 90000 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ special_symbols="@#*$"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --phone='$randsym$special_symbols' u13"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and numbers only ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-018:--phone with maximum length and numbers only "
+ randhex=$(openssl 
rand -hex 1024)
+ randhex_covup=${randhex^^}
+ randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --phone=\"$randsym\" u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --phone=\"$randsym\" u13 > $TmpDir/pki-ocsp-ocsp-user-mod-018.out"\
+ 0 \
+ "Modify user with maximum length and numbers only"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-ocsp-ocsp-user-mod-018.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-ocsp-user-mod-018.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-018.out"
+ rlAssertGrep "Phone: $randsym" "$TmpDir/pki-ocsp-ocsp-user-mod-018.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with # character ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-019:--phone with \# character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test usr2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --phone=\"#\" usr2"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with * character ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-020:--phone with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test usr3"
+ command="pki -d $CERTDB_DIR -n 
$(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --phone=\"*\" usr3"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with $ character ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-021:--phone with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test usr4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --phone $ usr4"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with negative number ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-022:--phone as negative number -1230 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u14"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --phone=-1230 u14 > $TmpDir/pki-ocsp-ocsp-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-ocsp-ocsp-user-mod-022.out"
+
rlAssertGrep "User ID: u14" "$TmpDir/pki-ocsp-ocsp-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-ocsp-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-ocsp-ocsp-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-023: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id"
+ rlPhaseEnd
+
+ #### Modify a user - all options provided ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-024: Modify a user -- all options provided"
+ email="ocsp_user2@myemail.com"
+ user_password="ocspuser2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=test u15"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15 > $TmpDir/pki-ocsp-ocsp-user-mod-025.out" \
+ 0 \
+ "Modify user u15 to OCSP -- all options provided"
+ rlAssertGrep "Modified user \"u15\""
"$TmpDir/pki-ocsp-ocsp-user-mod-025.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-ocsp-ocsp-user-mod-025.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-025.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-ocsp-user-mod-025.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-ocsp-user-mod-025.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-ocsp-user-mod-025.out"
+ rlPhaseEnd
+
+ #### Modify a user - password less than 8 characters ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-025: Modify user with --password "
+ userpw="pass"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod $user1 --fullName='$user1fullname' --password=$userpw"
+ errmsg="PKIException: The password must be at least 8 characters"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password"
+ rlPhaseEnd
+
+##### Tests to modify users using revoked cert#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-026: Should not be able to modify user using a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1_mod_fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+##### Tests to modify users using an agent user#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-028: Should not be able to modify user using a valid agent user"
+ command="pki -d
$CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-029: Should not be able to modify user using an agent user with a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using expired cert#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-030: Should not be able to modify user using an admin user with expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-031: Should not be able to modify user
using an agent user with an expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using audit users#####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-032: Should not be able to modify user using an auditor user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-033: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as OCSP_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted OCSP users#####
+
rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-034: Should not be able to modify user using a cert created from a untrusted OCSP role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-035: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName='$user1fullname' u18"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-036: Modify a user in OCSP using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-037: Modify a user in OCSP using OCSP admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show u16 > $TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-ocsp-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=\"\" u16 > $TmpDir/pki-ocsp-ocsp-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-ocsp-ocsp-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-ocsp-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-ocsp-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-ocsp-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest
"pki_ocsp_user_cli_ocsp_user_mod-038: Modify a user in OCSP using OCSP_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show u16 > $TmpDir/pki-ocsp-ocsp-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-ocsp-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-ocsp-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-ocsp-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-ocsp-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-039: Modify a user in OCSP using an admin user in OCSP - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show u16 > $TmpDir/pki-ocsp-ocsp-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-ocsp-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-ocsp-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-ocsp-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify OCSP
users with the same value ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-040: Modify a user in OCSP using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show $user1 > $TmpDir/pki-ocsp-ocsp-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-ocsp-ocsp-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-ocsp-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-ocsp-ocsp-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-ocsp-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-ocsp-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify CA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-041: Modify a user in OCSP using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show u16 > $TmpDir/pki-ocsp-ocsp-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-ocsp-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-ocsp-user-mod-042_1.out"
+
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-ocsp-ocsp-user-mod-042_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --email=\"$email\" u16 > $TmpDir/pki-ocsp-ocsp-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-ocsp-ocsp-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-ocsp-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-ocsp-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify OCSP users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-042: Modify a user's fullname having i18n chars in OCSP using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-ocsp-ocsp-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-ocsp-ocsp-user-mod-043.out"
+ rlAssertGrep
"User ID: $i18nuser" "$TmpDir/pki-ocsp-ocsp-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-ocsp-ocsp-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify OCSP users having i18n chars in email ####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_mod-043: Modify a user's email having i18n chars in OCSP using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_ocsp_cleanup: Deleting role users"
+
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del u$i > $TmpDir/pki-ocsp-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del usr$i > $TmpDir/pki-usr-del-ocsp-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-ocsp-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep
"Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del $i18nuser > $TmpDir/pki-ocsp-user-del-ocsp-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-ocsp-user-del-ocsp-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-show.sh
new file mode 100755
index 000000000..d3681c7c1
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-show.sh
@@ -0,0 +1,1125 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-user-cli
+# Description: PKI ocsp-user-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-user-cli-ocsp-user-show Show OCSP users
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-show.sh
+######################################################################################
+
+########################################################################
+run_pki-ocsp-user-cli-ocsp-user-show_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=ocsp_agent2
+ user1fullname="Test ocsp_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ rlPhaseStartTest "pki_ocsp_user_show-configtest: pki ocsp-user-show configuration test"
+ rlRun "pki ocsp-user-show --help > $TmpDir/pki_ocsp_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-user-show"
+ rlAssertGrep "usage: ocsp-user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_ocsp_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_ocsp_user_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show OCSP users ####
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-001: Add user to OCSP using OCSP_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user1 > $TmpDir/pki-ocsp-user-show-001.out" \
+ 0 \
+ "Show user $user1"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-ocsp-user-show-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-show-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user2 > $TmpDir/pki-ocsp-user-show-001_1.out" \
+ 0 \
+ "Show $user2 user"
+ rlAssertGrep "User \"$user2\"" "$TmpDir/pki-ocsp-user-show-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-ocsp-user-show-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user3 > $TmpDir/pki-ocsp-user-show-001_2.out" \
+ 0 \
+ "Show $user3 user"
+ rlAssertGrep "User \"$user3\"" "$TmpDir/pki-ocsp-user-show-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-ocsp-user-show-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n
${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user4 > $TmpDir/pki-ocsp-user-show-001_3.out" \
+ 0 \
+ "Show $user4 user"
+ rlAssertGrep "User \"$user4\"" "$TmpDir/pki-ocsp-user-show-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-ocsp-user-show-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user5 > $TmpDir/pki-ocsp-user-show-001_4.out" \
+ 0 \
+ "Show $user5 user"
+ rlAssertGrep "User \"$user5\"" "$TmpDir/pki-ocsp-user-show-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-ocsp-user-show-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-006: User id with ?
character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user6 > $TmpDir/pki-ocsp-user-show-001_5.out" \
+ 0 \
+ "Show $user6 user"
+ rlAssertGrep "User \"$user6\"" "$TmpDir/pki-ocsp-user-show-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-ocsp-user-show-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show $user7 > $TmpDir/pki-ocsp-user-show-001_6.out" \
+ 0 \
+ "Show user $user7"
+ rlAssertGrep "User \"$user7\"" "$TmpDir/pki-ocsp-user-show-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-ocsp-user-show-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email
length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u1 > $TmpDir/pki-ocsp-user-show-001_7.out" \
+ 0 \
+ "Show user u1"
+ rlAssertGrep "User \"u1\"" "$TmpDir/pki-ocsp-user-show-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-ocsp-user-show-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-ocsp-user-show-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u2 > $TmpDir/pki-ocsp-user-show-001_8.out" \
+ 0 \
+ "Show user u2"
+ rlAssertGrep "User \"u2\"" "$TmpDir/pki-ocsp-user-show-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-ocsp-user-show-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-ocsp-user-show-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+
else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u3 > $TmpDir/pki-ocsp-user-show-001_9.out" \
+ 0 \
+ "Add user u3"
+ rlAssertGrep "User \"u3\"" "$TmpDir/pki-ocsp-user-show-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-ocsp-user-show-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-ocsp-user-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-show u4 > $TmpDir/pki-ocsp-user-show-001_10.out" \
+ 0 \
+ "Show user u4 using ${prefix}_adminV"
+ rlAssertGrep "User \"u4\"" "$TmpDir/pki-ocsp-user-show-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-ocsp-user-show-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-ocsp-user-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --email=$ u5" \ + 0 \ + "Add user u5 using pki ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u5 > $TmpDir/pki-ocsp-user-show-001_11.out" \ + 0 \ + "Show user u5 using ${prefix}_adminV" + rlAssertGrep "User \"u5\"" "$TmpDir/pki-ocsp-user-show-001_11.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-ocsp-user-show-001_11.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_11.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-ocsp-user-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-013: --email as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --email=0 u6" \ + 0 \ + "Add user u6 using pki ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u6 > $TmpDir/pki-ocsp-user-show-001_12.out" \ + 0 \ + "Show user u6 using ${prefix}_adminV" + rlAssertGrep "User \"u6\"" "$TmpDir/pki-ocsp-user-show-001_12.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-ocsp-user-show-001_12.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_12.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-ocsp-user-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-014: --state with maximum length" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test 
--state=\"$state\" u7 " \ + 0 \ + "Add user u7 using pki ${prefix}_adminV with maximum --state length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u7 > $TmpDir/pki-ocsp-user-show-001_13.out" \ + 0 \ + "Show user u7 using ${prefix}_adminV" + rlAssertGrep "User \"u7\"" "$TmpDir/pki-ocsp-user-show-001_13.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-ocsp-user-show-001_13.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_13.out" + actual_state_string=`cat $TmpDir/pki-ocsp-user-show-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-ocsp-user-show-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-ocsp-user-show-001_13.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-015: --state with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + state=$state$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state='$state' u8" \ + 0 \ + "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u8 > $TmpDir/pki-ocsp-user-show-001_14.out" \ + 0 \ + "Show user u8 using ${prefix}_adminV" + rlAssertGrep "User \"u8\"" "$TmpDir/pki-ocsp-user-show-001_14.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-ocsp-user-show-001_14.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_14.out" + 
actual_state_string=`cat $TmpDir/pki-ocsp-user-show-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-ocsp-user-show-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-ocsp-user-show-001_14.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-016: --state with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state=# u9" \ + 0 \ + "Added user using ${prefix}_adminV with --state # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u9 > $TmpDir/pki-ocsp-user-show-001_15.out" \ + 0 \ + "Show user u9 using ${prefix}_adminV" + rlAssertGrep "User \"u9\"" "$TmpDir/pki-ocsp-user-show-001_15.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-user-show-001_15.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_15.out" + rlAssertGrep "State: #" "$TmpDir/pki-ocsp-user-show-001_15.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-017: --state with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state=* u10" \ + 0 \ + "Adding user using ${prefix}_adminV with --state * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u10 > $TmpDir/pki-ocsp-user-show-001_16.out" \ + 0 \ + "Show user u10 using ${prefix}_adminV" + rlAssertGrep "User \"u10\"" "$TmpDir/pki-ocsp-user-show-001_16.out" + rlAssertGrep 
"User ID: u10" "$TmpDir/pki-ocsp-user-show-001_16.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_16.out" + rlAssertGrep "State: *" "$TmpDir/pki-ocsp-user-show-001_16.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-018: --state with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state=$ u11" \ + 0 \ + "Adding user using ${prefix}_adminV with --state $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u11 > $TmpDir/pki-ocsp-user-show-001_17.out" \ + 0 \ + "Show user u11 using ${prefix}_adminV" + rlAssertGrep "User \"u11\"" "$TmpDir/pki-ocsp-user-show-001_17.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-user-show-001_17.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_17.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-ocsp-user-show-001_17.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-019: --state as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --state=0 u12" \ + 0 \ + "Adding user using ${prefix}_adminV with --state 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u12 > $TmpDir/pki-ocsp-user-show-001_18.out" \ + 0 \ + "Show pki ${prefix}_adminV user" + rlAssertGrep "User \"u12\"" "$TmpDir/pki-ocsp-user-show-001_18.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-user-show-001_18.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_18.out" + rlAssertGrep "State: 0" 
"$TmpDir/pki-ocsp-user-show-001_18.out" + rlPhaseEnd + + #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-020: --phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone=\"$phone\" u13" \ + 0 \ + "Adding user using ${prefix}_adminV with maximum --phone length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u13 > $TmpDir/pki-ocsp-user-show-001_19.out" \ + 0 \ + "Show user u13 using ${prefix}_adminV" + rlAssertGrep "User \"u13\"" "$TmpDir/pki-ocsp-user-show-001_19.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-user-show-001_19.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-show-001_19.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-021: --phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --phone=-1230 u14" \ + 0 \ + "Adding user using ${prefix}_adminV with --phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u14 > $TmpDir/pki-ocsp-user-show-001_24.out" \ + 0 \ + "Show user u14 using ${prefix}_adminV" + rlAssertGrep "User \"u14\"" "$TmpDir/pki-ocsp-user-show-001_24.out" 
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-ocsp-user-show-001_24.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_24.out" + rlAssertGrep "Phone: -1230" "$TmpDir/pki-ocsp-user-show-001_24.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-022: --type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=Auditors u15" \ + 0 \ + "Adding user using ${prefix}_adminV with --type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u15 > $TmpDir/pki-ocsp-user-show-001_25.out" \ + 0 \ + "Show user u15 using ${prefix}_adminV" + rlAssertGrep "User \"u15\"" "$TmpDir/pki-ocsp-user-show-001_25.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-ocsp-user-show-001_25.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_25.out" + rlAssertGrep "Type: Auditors" "$TmpDir/pki-ocsp-user-show-001_25.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-023: --type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u16 > $TmpDir/pki-ocsp-user-show-001_26.out" \ + 0 \ + "Show user u16 using ${prefix}_adminV" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-show-001_26.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-show-001_26.out" + rlAssertGrep "Full name: 
test" "$TmpDir/pki-ocsp-user-show-001_26.out" + rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-ocsp-user-show-001_26.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-024: --type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Registration Manager Agents\" u17" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u17 > $TmpDir/pki-ocsp-user-show-001_27.out" \ + 0 \ + "Show user u17 using ${prefix}_adminV" + rlAssertGrep "User \"u17\"" "$TmpDir/pki-ocsp-user-show-001_27.out" + rlAssertGrep "User ID: u17" "$TmpDir/pki-ocsp-user-show-001_27.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_27.out" + rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-ocsp-user-show-001_27.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-025: --type Subsystem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Subsystem Group\" u18" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Subsystem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u18 > $TmpDir/pki-ocsp-user-show-001_28.out" \ + 0 \ + "Show user u18 using ${prefix}_adminV" + rlAssertGrep "User \"u18\"" "$TmpDir/pki-ocsp-user-show-001_28.out" + rlAssertGrep "User ID: u18" "$TmpDir/pki-ocsp-user-show-001_28.out" + rlAssertGrep "Full name: test" 
"$TmpDir/pki-ocsp-user-show-001_28.out" + rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-ocsp-user-show-001_28.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-026: --type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Security Domain Administrators\" u19" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u19 > $TmpDir/pki-ocsp-user-show-001_29.out" \ + 0 \ + "Show user u19 using ${prefix}_adminV" + rlAssertGrep "User \"u19\"" "$TmpDir/pki-ocsp-user-show-001_29.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-ocsp-user-show-001_29.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_29.out" + rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-ocsp-user-show-001_29.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-027: --type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=ClonedSubsystems u20" \ + 0 \ + "Adding user using ${prefix}_adminV with --type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u20 > $TmpDir/pki-ocsp-user-show-001_30.out" \ + 0 \ + "Show user u20 using ${prefix}_adminV" + rlAssertGrep "User \"u20\"" "$TmpDir/pki-ocsp-user-show-001_30.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-ocsp-user-show-001_30.out" + rlAssertGrep "Full name: test" 
"$TmpDir/pki-ocsp-user-show-001_30.out" + rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-ocsp-user-show-001_30.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-028: --type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=test --type=\"Trusted Managers\" u21" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u21 > $TmpDir/pki-ocsp-user-show-001_31.out" \ + 0 \ + "Show user u21 using ${prefix}_adminV" + rlAssertGrep "User \"u21\"" "$TmpDir/pki-ocsp-user-show-001_31.out" + rlAssertGrep "User ID: u21" "$TmpDir/pki-ocsp-user-show-001_31.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-show-001_31.out" + rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-ocsp-user-show-001_31.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-029: Show user with -t ocsp option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"$user1fullname\" u22" \ + 0 \ + "Adding user u22 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + ocsp-user-show u22 > $TmpDir/pki-ocsp-user-show-001_32.out" \ + 0 \ + "Show user u22 using ${prefix}_adminV" + rlAssertGrep "User \"u22\"" "$TmpDir/pki-ocsp-user-show-001_32.out" + rlAssertGrep "User ID: u22" "$TmpDir/pki-ocsp-user-show-001_32.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-show-001_32.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_user_cli_ocsp_user_show-030: Add a user -- all options provided" + email="ca_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + u23" \ + 0 \ + "Adding user u23 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u23 > $TmpDir/pki-ocsp-user-show-001_33.out" \ + 0 \ + "Show user u23 using ${prefix}_adminV" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-show-001_33.out" + rlPhaseEnd + + #Negative Cases + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-031: Missing required option user id" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show" + rlLog "Executing $command" + errmsg="Error: No User ID specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-032: Checking if user id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show U23 > $TmpDir/pki-ocsp-user-show-001_35.out 2>&1" \ + 0 \ + "User ID is not case sensitive" + rlAssertGrep "User \"U23\"" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-033: Should not be able to show user using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-034: Should not be able to show user using a agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h 
$SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-035: Should not be able to show user using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-036: Should not be able to show user using a OCSP_agentR user" + rlLog "To test error message consistency for the request pki_ocsp_user_cli_ocsp_user_show-034" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-037: Should not be able to show user using admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 
days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-038: Should not be able to show user using OCSP_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-039: Should not be able to show user using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + 
rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-040: Should not be able to show user using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) ocsp-user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u23" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u23 > $TmpDir/pki-ocsp-user-show-role_user_UTCA-002.out 2>&1" \ + 255 \ + "Should not be able to show user u23 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-show-role_user_UTCA-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-042: Should not be able to show user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + 
rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u13" + echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password ocsp-user-show u13" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-ocsp-user-show-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-user-show-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-043: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show \"$user_length_exceed_max\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show \"$user_length_exceed_max\" > $TmpDir/pki-ocsp-user-show-001_50.out 2>&1" \ + 255 \ + "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-ocsp-user-show-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-044: user name with i18n characters" + rlLog "ocsp-user-add user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-ocsp-user-show-001_56.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + 
-h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u24 > $TmpDir/pki-ocsp-user-show-001_56_2.out" \ + 0 \ + "Show user name with 'ÖrjanÄke'" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-ocsp-user-show-001_56_2.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-ocsp-user-show-001_56_2.out" + rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-ocsp-user-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_show-045: user name with i18n characters" + rlLog "ocsp-user-add userid ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-ocsp-user-show-001_57.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-show u25 > $TmpDir/pki-ocsp-user-show-001_57_2.out" \ + 0 \ + "Show user name with 'ÉricTêko'" + rlAssertGrep "User \"u25\"" "$TmpDir/pki-ocsp-user-show-001_57_2.out" + rlAssertGrep "User ID: u25" "$TmpDir/pki-ocsp-user-show-001_57_2.out" + rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-ocsp-user-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup-046: Deleting the temp directory and users" + del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user) + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 26 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + ocsp-user-del u$i > 
$TmpDir/pki-ocsp-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ ocsp-user-del $usr > $TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-ocsp-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance is not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-add.sh
new file mode 100755
index 000000000..6d1104505
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-add.sh
@@ -0,0 +1,1450 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-add Add users to pki TKS subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-add.sh
+########################################################################
+run_pki-tks-user-cli-tks-user-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_add-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_tks_user_cli-configtest: pki tks-user --help configuration test"
+ rlRun "pki tks-user --help > $TmpDir/pki_user_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user --help"
+ rlAssertGrep "tks-user-find Find users" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "tks-user-show Show user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "tks-user-add Add user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "tks-user-mod Modify user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "tks-user-del Remove user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "tks-user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "tks-user-membership User membership management commands" "$TmpDir/pki_user_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tks_user_cli_tks_user_add-configtest: pki tks-user-add configuration test"
+ rlRun "pki tks-user-add --help > $TmpDir/pki_tks_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user-add --help"
+ rlAssertGrep "usage: tks-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--email <email> Email" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--password <password> Password" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--state <state> State" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlAssertGrep "\--type <type> Type" "$TmpDir/pki_tks_user_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add TKS users using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-001: Add a user to TKS using TKS_adminV"
+ user1=tks_agent2
+ user1fullname="Test tks_agent"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-001.out" 0 "Add user $user1 to TKS_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-tks-user-add-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-add-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog
"user2=$user2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test \"$user2\" > $TmpDir/pki-tks-user-add-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-tks-user-add-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-003:User id with # character"
+ user3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user3 > $TmpDir/pki-tks-user-add-001_2.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-tks-user-add-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-tks-user-add-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-004:User id with $ character"
+ user4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user4 > $TmpDir/pki-tks-user-add-001_3.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-tks-user-add-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-tks-user-add-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tks_user_cli_tks_user_add-005:User id with @ character"
+ user5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user5 > $TmpDir/pki-tks-user-add-001_4.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-tks-user-add-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-tks-user-add-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-006:User id with ? character"
+ user6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user6 > $TmpDir/pki-tks-user-add-001_5.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with ? character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-tks-user-add-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-tks-user-add-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-007:User id as 0"
+ user7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user7 > $TmpDir/pki-tks-user-add-001_6.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-tks-user-add-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-tks-user-add-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head
-n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-tks-user-add-001_7.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-tks-user-add-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tks-user-add-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-tks-user-add-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email='$email' u2 > $TmpDir/pki-tks-user-add-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-tks-user-add-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tks-user-add-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-tks-user-add-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tks_user_cli_tks_user_add-010:--email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=# u3 > $TmpDir/pki-tks-user-add-001_9.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-tks-user-add-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tks-user-add-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tks-user-add-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-011:--email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=* u4 > $TmpDir/pki-tks-user-add-001_10.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-tks-user-add-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tks-user-add-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tks-user-add-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-012:--email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=$ u5 > $TmpDir/pki-tks-user-add-001_11.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-tks-user-add-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tks-user-add-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_11.out"
+ rlAssertGrep "Email: \\$"
"$TmpDir/pki-tks-user-add-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-013:--email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=0 u6 > $TmpDir/pki-tks-user-add-001_12.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-tks-user-add-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tks-user-add-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tks-user-add-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-tks-user-add-001_13.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-tks-user-add-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tks-user-add-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-tks-user-add-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tks-user-add-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tks-user-add-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] |
head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state='$state' u8 > $TmpDir/pki-tks-user-add-001_14.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-tks-user-add-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tks-user-add-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-tks-user-add-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tks-user-add-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tks-user-add-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-016:--state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=# u9 > $TmpDir/pki-tks-user-add-001_15.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tks-user-add-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-user-add-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tks-user-add-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-017:--state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=* u10 >
$TmpDir/pki-tks-user-add-001_16.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tks-user-add-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-user-add-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tks-user-add-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-018:--state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=$ u11 > $TmpDir/pki-tks-user-add-001_17.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tks-user-add-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-user-add-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tks-user-add-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-019:--state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=0 u12 > $TmpDir/pki-tks-user-add-001_18.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --state 0"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tks-user-add-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-user-add-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tks-user-add-001_18.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-020:--phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+
phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-tks-user-add-001_19.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --phone length"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-tks-user-add-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-user-add-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-add-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-021:--phone with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ phone=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-tks-user-add-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tks-user-add-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tks-user-add-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-022:--phone with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=# usr2 > $TmpDir/pki-tks-user-add-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with
character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tks-user-add-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tks-user-add-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-023:--phone with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=* usr3 > $TmpDir/pki-tks-user-add-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tks-user-add-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tks-user-add-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-024:--phone with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-tks-user-add-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tks-user-add-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tks-user-add-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-025:--phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=-1230 u14
> $TmpDir/pki-tks-user-add-001_24.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-tks-user-add-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tks-user-add-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tks-user-add-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-026:--type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-tks-user-add-001_25.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-tks-user-add-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-tks-user-add-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-tks-user-add-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-027:--type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-tks-user-add-001_26.out" \
+ 0 \
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-tks-user-add-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-add-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-tks-user-add-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-028:--type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-tks-user-add-001_27.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-tks-user-add-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-tks-user-add-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-tks-user-add-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-029:--type Subsytem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-tks-user-add-001_28.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-tks-user-add-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-tks-user-add-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_28.out"
+ rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-tks-user-add-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-030:--type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-tks-user-add-001_29.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-tks-user-add-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-tks-user-add-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_29.out"
+
rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-tks-user-add-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-031:--type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-tks-user-add-001_30.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tks-user-add-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tks-user-add-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-tks-user-add-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-032:--type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-tks-user-add-001_31.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-tks-user-add-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-tks-user-add-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-tks-user-add-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-033:--type Dummy Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-tks-user-add-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\""
"$TmpDir/pki-tks-user-add-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-tks-user-add-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-tks-user-add-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-tks-user-add-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tks-user-add-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-034: Add a duplicate user to TKS"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"New user\" $user1 > $TmpDir/pki-tks-user-add-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-tks-user-add-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-036: Add a user -- missing required option user id"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" > $TmpDir/pki-tks-user-add-004.out" \
+ 255 \
+ "Add user -- missing required option user id"
+ rlAssertGrep "usage: tks-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-tks-user-add-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-037: Add a user -- missing required option --fullName"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add $user1 > $TmpDir/pki-tks-user-add-005.out 2>&1"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing
required option --fullName"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-038: Add a user -- all options provided"
+ email="tks_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23 > $TmpDir/pki-tks-user-add-006_1.out" \
+ 0 \
+ "Add user u23 to TKS -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-add-006_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-039: Add user to multiple groups"
+ user=u24
+ userfullname="Multiple Group User"
+ email="multiplegroup@myemail.com"
+ user_password="admin2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$userfullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone
\
+ --state $state \
+ $user > $TmpDir/pki-tks-user-add-006.out " \
+ 0 \
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-tks-user-add-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-add-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-tks-user-add-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-add-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-add-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-add-006.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-member-add Administrators $user > $TmpDir/pki-tks-user-add-007_1.out" \
+ 0 \
+ "Add user $user to Administrators group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-tks-user-add-007_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-tks-user-add-007_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-member-find Administrators > $TmpDir/pki-tks-user-add-007.out" \
+ 0 \
+ "Show pki tks-group-member-find Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-member-add \"Token Key Service Manager Agents\" $user > $TmpDir/pki-tks-user-add-007_1_1.out" \
+ 0 \
+ "Add user $user to Token Key Service Manager Agents"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-tks-user-add-007_1_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-tks-user-add-007_1_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-member-find \"Token Key Service Manager Agents\" > $TmpDir/pki-tks-user-add-007_2.out" \
+
0 \
+ "Show pki tks-group-member-find Token Key Service Manager Agents"
+
+ rlAssertGrep "User: $user" "$TmpDir/pki-tks-user-add-007_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-040: Add user with --password less than 8 characters"
+ userpw="pass"
+ expmsg="PKIException: The password must be at least 8 characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-tks-user-add-008.out 2>&1" \
+ 255 \
+ "Add a user --must be at least 8 characters --password"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-tks-user-add-008.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using revoked cert#####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-041: Should not be able to add user using a revoked cert TKS_adminR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-add-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-042: Should not be able to add user using a agent with revoked cert TKS_agentR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep
"PKIException: Unauthorized" "$TmpDir/pki-tks-user-add-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using an agent user#####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-043: Should not be able to add user using a valid agent TKS_agentV user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-add-agentV-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-044: Should not be able to add user using a TKS_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-add-agentUTCA-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using expired cert#####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-045: Should not be able to add user using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add
--fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-add-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-add-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-046: Should not be able to add user using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-tks-user-add-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-add-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add users using audit users#####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-047: Should not be able to add user
using a TKS_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-add-auditV-002.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-048: Should not be able to add user using a TKS_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-add-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-049: Should not be able to add user using a cert created from a untrusted TKS TKS_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tks-user-add-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should
not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-add-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-tks-user-add-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-tks-user-add-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-add-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-051: fullname with i18n characters"
+ rlLog "tks-user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-tks-user-add-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-tks-user-add-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-tks-user-add-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-tks-user-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-052: fullname with i18n characters"
+ rlLog "tks-user-add
fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Éric Têko' u27 > $TmpDir/pki-tks-user-add-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-tks-user-add-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-tks-user-add-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-tks-user-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-053: fullname with i18n characters"
+ rlLog "tks-user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-tks-user-add-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-tks-user-add-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-tks-user-add-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-tks-user-add-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u28 > $TmpDir/pki-tks-user-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-tks-user-add-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-tks-user-add-001_53_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-054: fullname with i18n characters"
+ rlLog "tks-user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+
-h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-tks-user-add-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-tks-user-add-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-tks-user-add-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u29 > $TmpDir/pki-tks-user-add-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-tks-user-add-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-tks-user-add-001_54_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-055: fullname with i18n characters"
+ rlLog "tks-user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-tks-user-add-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-tks-user-add-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-tks-user-add-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u30 > $TmpDir/pki-tks-user-add-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-tks-user-add-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-tks-user-add-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tks_user_cli_tks_user_add-056: user id with i18n characters"
+ rlLog "tks-user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-057: userid with i18n characters"
+ rlLog "tks-user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-058: email address with i18n characters"
+ rlLog "tks-user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+
errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-059: email address with i18n characters"
+ rlLog "tks-user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="IncorrectPasswordException: Incorrect client security database password."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket :: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-060: password with i18n characters"
+ rlLog "tks-user-add password šimtaskolmkümmend with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-tks-user-add-001_60.out 2>&1" \
+ 0 \
+ "Adding password šimtaskolmkümmend with i18n characters"
+ rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-tks-user-add-001_60.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u31 > $TmpDir/pki-tks-user-add-001_60_2.out" \
+ 0 \
+ "Show user u31 with password šimtaskolmkümmend in i18n characters"
+ rlAssertGrep "User \"u31\""
"$TmpDir/pki-tks-user-add-001_60_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-061: password with i18n characters"
+ rlLog "tks-user-add password двадцяттридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-tks-user-add-001_61.out 2>&1" \
+ 0 \
+ "Adding password двадцяттридцять with i18n characters"
+ rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-tks-user-add-001_61.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u32 > $TmpDir/pki-tks-user-add-001_61_2.out" \
+ 0 \
+ "Show user u32 with password двадцяттридцять in i18n characters"
+ rlAssertGrep "User \"u32\"" "$TmpDir/pki-tks-user-add-001_61_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-062: type with i18n characters"
+ rlLog "tks-user-add type tjugo-tvåhetvenhét with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-tks-user-add-001_62.out 2>&1" \
+ 0 \
+ "Adding type tjugo-tvåhetvenhét with i18n characters"
+ rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-tks-user-add-001_62.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-tks-user-add-001_62.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u33 > $TmpDir/pki-tks-user-add-001_62_2.out" \
+ 0 \
+ "Show user u33 with type tjugo-tvåhetvenhét in i18n characters"
+ rlAssertGrep "User \"u33\"" "$TmpDir/pki-tks-user-add-001_62_2.out"
+ rlAssertGrep
"Type: tjugo-tvåhetvenhét" "$TmpDir/pki-tks-user-add-001_62_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-063: type with i18n characters"
+ rlLog "tks-user-add type мiльйонтридцять with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type='мiльйонтридцять' u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-tks-user-add-001_63.out 2>&1" \
+ 0 \
+ "Adding type мiльйонтридцять with i18n characters"
+ rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-tks-user-add-001_63.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-tks-user-add-001_63.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u34 > $TmpDir/pki-tks-user-add-001_63_2.out" \
+ 0 \
+ "Show user u34 with type мiльйонтридцять in i18n characters"
+ rlAssertGrep "User \"u34\"" "$TmpDir/pki-tks-user-add-001_63_2.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-tks-user-add-001_63_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-064: state with i18n characters"
+ rlLog "tks-user-add state čå with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state='čå' u35 > $TmpDir/pki-tks-user-add-001_64.out 2>&1" \
+ 0 \
+ "Adding state 'čå' with i18n characters"
+ rlAssertGrep
"Added user \"u35\"" "$TmpDir/pki-tks-user-add-001_64.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-tks-user-add-001_64.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u35 > $TmpDir/pki-tks-user-add-001_64_2.out" \
+ 0 \
+ "Show user u35 with state čå in i18n characters"
+ rlAssertGrep "User \"u35\"" "$TmpDir/pki-tks-user-add-001_64_2.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-tks-user-add-001_64_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-065: state with i18n characters"
+ rlLog "tks-user-add state йč with i18n characters"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state='йč' u36 > $TmpDir/pki-tks-user-add-001_65.out 2>&1" \
+ 0 \
+ "Adding state 'йč' with i18n characters"
+ rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-tks-user-add-001_65.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-tks-user-add-001_65.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u36 > $TmpDir/pki-tks-user-add-001_65_2.out" \
+ 0 \
+ "Show user u36 with state йč in i18n characters"
+ rlAssertGrep "User \"u36\"" "$TmpDir/pki-tks-user-add-001_65_2.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-tks-user-add-001_65_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-066: Should not be able to add user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\"
\"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test_user u39"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h
$SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tks-user-add-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-add-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-067: Should not be able to add user using Normal user credential"
+ local pki_user="idm1_user_1"
+ local pki_user_fullName="Idm1 User 1"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ tks-user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ tks-user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authentication method not allowed."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_add-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ tks-user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ tks-user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting users"
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del '$usr' > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+
expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del $pki_user > $TmpDir/pki-tks-user-del-user-tks-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-tks-user-del-user-tks-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not created."
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-add.sh
new file mode 100755
index 000000000..c3dec3ba3
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-add.sh
@@ -0,0 +1,2261 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-cert-add Add certs to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-cert-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tks-user-cli-tks-user-cert-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_cert-add-startup: Create temporary directory and initializing host/port variables"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to add certs to TKS users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-002: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_002crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input
$TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" \ + 0 \ + "PKCS10 Cert is added to the user $user1" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local 
valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out 2>&1" \ + 0 \ + "CRMF Cert is added to the user $user1" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + 
rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + + let i=$i+1 + done + rlPhaseEnd + + ##### Add expired cert to a user ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-004: Adding expired cert to a user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$user2fullname\" $user2" + local validityperiod="1 day" + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + local cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN 
CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_tks_user_cert_add_expiredcert_004pkcs10.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_expiredcert_004pkcs10.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) 
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_004crmf.out > $TmpDir/pki_tks_user_cert_add_expiredcert_004crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_expiredcert_004crmf.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + +rlPhaseEnd + +#### Add a revoked cert to a user ### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-005: Add revoked cert to a user should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > 
$TmpDir/pki_tks_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_tks_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Subject: 
UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_005crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_005crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_tks_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add-CA_validcert_005crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" \ + 0 \ + "CRMF Cert is added to the 
user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + +rlPhaseEnd + + ##### Add one cert to a user - User ID missing ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-006: Add one cert to a user should fail when USER ID is missing" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n 
'/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_006pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_006crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_006crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_006pkcs10.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_006crmf.pem" + errmsg="Error: No User ID specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_009crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" 
subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local 
valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat 
$cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local 
valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- 
-f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 
2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'ClonedSubsystems' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'"
+ local userid="ClonedSubsystems_user"
+ local userFullname="ClonedSubsystems User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep 
decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + + rlRun 
"generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 
2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Trusted Managers' ##### +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0018: Add cert to a user of type 'Trusted Managers'" + local userid="Trusted_Managers_user" + local userFullname="Trusted Managers User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep 
decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" + rlPhaseEnd + +##### Usability Tests ##### + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add Administrators admin_user > $TmpDir/pki-tks-user-add-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add Administrators admin_user1 > $TmpDir/pki-tks-user-add-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT 
cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tks_user_cert_add_useradd_0019.out 2>&1" \ 
+ 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem 
-t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-del Administrators admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-del Administrators admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del admin_user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del new_test_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del new_test_user2" +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid agent user ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-TKS-0020: Adding a 
cert as a TKS agent user should fail" + local userid="new_user1" + local userFullname="New User1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0021pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber 
--encoded > $TmpDir/pki_tks_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0021crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0021pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid TKS agent user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0021crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid TKS agent user" + +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid auditor user ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0021: Adding a cert as valid TKS auditor user should fail" + local userid="new_user2" + local userFullname="New User2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + 
certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0022pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0022crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0022pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected 
error message - Adding cert to a user as a TKS auditor user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0022crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as " +rlPhaseEnd + +##### Add one cert to a user - authenticating as an admin user with expired cert ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0022: Adding a cert as TKS_adminE should fail" + local userid="new_user3" + local userFullname="New User3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h 
$CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0023pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0023crmf.pem" + + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0023pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0023crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert" + + rlLog "FAIL: 
https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" +rlPhaseEnd + +##### Adding a cert as an admin user with revoked cert ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0023: Adding a cert as an admin user with revoked cert should fail" + local userid="new_user4" + local userFullname="New User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0024pkcs10.pem" 
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048
subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an
agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local
valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TKS_HOST -p $TKS_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TKS_HOST -p $TKS_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_adminUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as TKS_agentUTCA #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0027: Adding a cert as TKS_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki
-h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_agentUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user TKS_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an TKS_operatorV #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-TKS-add-0028: Adding a cert as TKS_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR
cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\"
\"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-TKS-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info|
grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest
"pki_tks_user_cli_tks_user_cert-add-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
"$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+
tks-user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid
subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep
"Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user
$userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p 
$TKS_PORT \ + tks-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" + rlPhaseEnd + +#### Add one cert to a user with both --serial and --input options #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0033: Add one cert to a user with --serial and --input options should fail" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + 
organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem" + errmsg="Error: Conflicting options: --input and --serial." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" + rlPhaseEnd + +#### --serial option with negative number #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0034: Add one cert to a user with negative serial should fail" + local userid="testuser4" + local username="Test User4" + local dectohex="0x"$(echo "obase=16;-100"|bc) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=-100" + errmsg="CertNotFoundException: Certificate ID $dectohex not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" +rlPhaseEnd + +#### Missing argument for --serial option #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0035: Add one cert to a user with missing argument for --serial" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial" + 
errmsg="Error: Missing argument for option: serial" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" +rlPhaseEnd + +#### --serial option with argument with characters #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0036: Add one cert to a user with character passed as argument to --serial" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial='abc'" + errmsg="NumberFormatException: For input string: \"abc\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial " + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $userid" +rlPhaseEnd +#rlPhaseStartTest "pki_ca_user_cli_tks_user_cert-add-0038: client cert authentication using cross certification" +# local userid="new_adminV" +# local username="NEW CA Admin User" +# cat /etc/redhat-release | grep "Fedora" +# if [ $? 
-eq 0 ] ; then +# FLAVOR="Fedora" +# rlLog "Automation is running against Fedora" +# else +# FLAVOR="RHEL" +# rlLog "Automation is running against RHEL" +# fi +# rhcs_install_set_ldap_vars +# rlRun "mkdir $NEWCA_CLIENT_DIR" +# rlRun "mkdir $NEWCA_CERTDB_DIR" +# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME" +# rlRun "sleep 10" +# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG +# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG +# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1" +# rlRun "install_and_trust_CA_cert 
$NEWCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS" +# rlRun "sleep 10" +# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT tks-user-add --fullName=\"$username\" $userid" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# tks-user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA" +# +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# tks-group-member-add Administrators $userid > $TmpDir/pki-tks-user-add-newca-group001.out 2>&1" \ +# 0 \ +# "Add user $userid to Administrators group" +# +# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ +# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ +# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ +# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ +# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" +# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) +# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) +# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" +# rlRun "sed -n 
'/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_tks_user_cert_add-CA_validcert_0038pkcs10.pem" + +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# ca-user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_tks-user-cert-add-newca.out 2>&1" \ +# 0 \ +# "Added cert to user $userid" + +# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_tks_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" +# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_tks_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" + +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" + +# rlRun "systemctl restart pki-tomcatd@pki-new.service" +# rlRun "sleep 10" +# rlRun "systemctl restart pki-tomcatd@pki-master.service" +# rlRun "sleep 10" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n $userid \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# tks-user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA" + +# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\"" + +# rlRun "pkidestroy -s CA -i pki-new" +# rlRun "sleep 10" +# rlRun "remove-ds.pl -f -i slapd-pki-newca" +# rlRun "sleep 10" +# rlRun "rm -rf $NEWCA_CLIENT_DIR" +# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171" +#rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users" 
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-delete.sh
new file mode 100755
index 000000000..31aea5f3a
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-delete.sh
@@ -0,0 +1,839 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-cert-delete Delete the certs assigned to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-cert-delete.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tks-user-cli-tks-user-cert-delete_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ ##### Create temporary directory to save output files#####
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_cert-del-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_tks_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Tests to delete certs assigned to TKS users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-002: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show
$valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert 
is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_tks_user_cert_del_002pkcs10.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_tks_user_cert_del_002pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-del $user1 
\"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_tks_user_cert_del_002crmf.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_tks_user_cert_del_002crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $user1" + rlPhaseEnd + + ##### Delete certs asigned to a user - invalid Cert ID ##### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-003: pki tks-user-cert-del should fail if an invalid Cert ID is provided" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + 
serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + 
tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if Invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-004: pki tks-user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-005: pki tks-user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-006: pki tks-user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-007: pki tks-user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_agentV #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-008: Delete certs assigned to a user - as TKS_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-tks-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_auditorV #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-009: Delete certs assigned to a user - as TKS_auditorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid auditor cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_adminE #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0010: Delete certs assigned to a user - as TKS_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_agentE #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0011: Delete certs assigned to a user - as TKS_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_adminR #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0012: Delete certs assigned to a user - as TKS_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_agentR #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0013: Delete certs assigned to a user - as TKS_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_operatorV #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-TKS-0015: Delete certs assigned to a user - as TKS_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to TKS users - i18n characters ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_tks_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_tks_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_tks_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_tks_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-del-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add Administrators admin_user > $TmpDir/pki-tks-user-add-tks-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add Administrators admin_user1 > $TmpDir/pki-tks-user-add-tks-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_tks_tks_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add admin_user --input $TmpDir/pki_tks_tks_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tks_tks_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tks_tks_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tks_tks_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tks_tks_user_cert_del_useradd_0020.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tks_tks_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_tks_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_tks_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT tks-user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_tks_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_tks_tks_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tks_tks_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tks_tks_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tks_tks_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tks_tks_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tks_tks_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_tks_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_tks_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT tks-user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-find.sh
new file mode 100755
index 000000000..ba11be5be
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-find.sh
@@ -0,0 +1,1070 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-cert-find Finding the certs assigned to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-tks-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tks-user-cli-tks-user-cert-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ #####Create temporary dir to save the output files#####
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_cert-find-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user=${caId}_agentV
+admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Find certs assigned to a TKS user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-002: Find the certs of a user in TKS --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 > $TmpDir/pki_tks_tks_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-003: Find the certs of a user in TKS --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 > $TmpDir/pki_tks_tks_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_tks_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-004: Find the certs of a user in TKS --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-005: Find the certs of a user in TKS --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user3 > $TmpDir/pki_tks_tks_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-006: Find the certs of a user in TKS --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --size=2 > $TmpDir/pki_tks_tks_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_tks_tks_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=0 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-007: Find the certs of a user in TKS --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --size=0 > $TmpDir/pki_tks_tks_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_tks_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=-1 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-008: Find the certs of a user in TKS --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-009: Find the certs of a user in TKS --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --size=50 > $TmpDir/pki_tks_tks_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-010: Find the certs of a user in TKS --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=2 > $TmpDir/pki_tks_tks_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_tks_tks_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-011: Find the certs of a user in TKS --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=0 > $TmpDir/pki_tks_tks_user_cert_find_0011.out" \ + 0 \ + "Finding certs assigned to $user1 --start=0" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0011.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=0, the user has multiple pages of certs #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-012: Find the certs of a 
user in TKS --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=0 > $TmpDir/pki_tks_tks_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+ rlAssertGrep "Subject: 
UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_tks_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=-1 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-013: Find the certs of a user in TKS --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=50 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-014: Find the certs of a user in TKS --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=50 > $TmpDir/pki_tks_tks_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_tks_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-015: Find the certs of a user in TKS --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_tks_tks_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_tks_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-016: Find the certs of a user in TKS --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p 
$CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $newuserid --input $TmpDir/pki_tks_tks_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ 
tks-user-cert-add $newuserid --input $TmpDir/pki_tks_tks_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $newuserid --input $TmpDir/pki_tks_tks_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $newuserid --input $TmpDir/pki_tks_tks_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $newuserid > $TmpDir/pki_tks_tks_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-017: Find the certs of a user in TKS --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-018: Find the certs of a user in TKS --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_tks_tks_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+ 
rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_tks_tks_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-019: Find the certs of a user in TKS --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_tks_tks_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 
2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_tks_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-020: Find the certs of a user in TKS --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_tks_tks_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+ rlAssertGrep 
"Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_tks_tks_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-021: Find the certs of a user in TKS --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_tks_tks_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to TKS users - i18n characters ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > 
$TmpDir/pki_tks_tks_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_tks_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_tks_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_tks_tks_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_tks_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added 
to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-find $user1 > $TmpDir/pki_tks_tks_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" 
"$TmpDir/pki_tks_tks_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-023: Find the certs of a user as TKS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message tks-user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a valid auditor user ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-024: Find the certs of a user as TKS_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as a valid auditor user"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-025: Find the certs of a user as TKS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as an 
admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-026: Find the certs of a user as TKS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-027: Find the certs of a user as TKS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-028: Find the certs of a user as TKS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day 
ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a user whose TKS cert has not been trusted ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-031: Find the certs of a user as a user 
not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - userid is missing ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-tks-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-find-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-show.sh
new file mode 100755
index 000000000..494990660
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-show.sh
@@ -0,0 +1,1074 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-cert-show Show the certs assigned to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-cert-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tks-user-cli-tks-user-cert-show_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_cert-show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to find certs assigned to TKS users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_002crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_002crmf.pem"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-003: pki tks-user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-004: pki tks-user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-005: pki tks-user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-006-tier1: pki tks-user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-007-tier1: pki tks-user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-009: pki tks-user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0010: pki tks-user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0012: pki tks-user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0013: pki tks-user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0014: pki tks-user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned 
to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0015: pki tks-user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n 
$(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p 
$TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" 
"$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0017: pki tks-user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0018: pki tks-user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0019pkcs10.out > 
$TmpDir/pki_tks_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $newuserid 
\"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_pkcs10_output0019 > $TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ 
rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_crmf_output0019 > 
$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 
-in $TmpDir/tks_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_agentV #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0020: Show certs assigned to a user - as TKS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_auditorV #####
+
+ 
rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0021: Show certs assigned to a user - as TKS_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a valid auditor cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_adminE #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0022: Show certs assigned to a user - as TKS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 
"Verify expected error message - pki tks-user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_agentE #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0023: Show certs assigned to a user - as TKS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ 
errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_adminR #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0024: Show certs assigned to a user - as TKS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_agentR #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0025: Show certs assigned to a user - as TKS_agentR should fail"
+ command="pki -d 
$CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c 
$UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS operator user #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0027: Show certs assigned to a user - as TKS operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0028: Show certs assigned to a user - --encoded and --output options - Valid 
Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_pkcs10_output0028 > $TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" 
"$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_crmf_output0028 > $TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert 
ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0028" + rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlPhaseEnd + + ##### Show certs asigned to a user - as a user not associated with any role##### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0029: Show certs assigned to a user - as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 
'2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show shouls fail when authenticating with an user not associated with any role" + + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show shouls fail when authenticating with an user not associated with any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Show certs asigned to a user - switch position of the required options##### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0030: Show certs assigned to a user - switch position of the required options" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" + errmsg="User Not Found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/968" + rlPhaseEnd + + ##### Show certs asigned to a user - incomplete Cert ID ##### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-0031: pki tks-user-cert-show should fail if an incomplete Cert ID 
is provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when an incomplete Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-show should fail when an incomplete Cert ID is provided" + rlPhaseEnd + + ### Tests to show certs assigned to TKS users - i18n characters #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-show-032: Show certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local 
STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_0032pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_0032crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_0032.out" \ + 0 \ + "Cert is added to 
the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_crmf_0032.out" \ + 0 \ + 
"Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + + rlPhaseEnd + + #===Deleting users===# +rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users" + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "TKS instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert.sh new file mode 100755 index 000000000..5a6e0481c --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert.sh 
@@ -0,0 +1,99 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-user-cli +# Description: PKI tks-user-cert CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki tks-user-cert cli commands needs to be tested: +# pki-tks-user-cert +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +# pki tks-user-cert ran without any options should show all the command line options of pki cert +run_pki-tks-user-cert() +{ +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 + +if [ "$TOPO9" = "TRUE" ] ; then + ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + prefix=$subsystemId + CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) +elif [ "$MYROLE" = "MASTER" ] ; then + if [[ $subsystemId == SUBCA* ]]; then + ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + prefix=$subsystemId + CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) + else + ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION + prefix=ROOTCA + CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD + fi +else + ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) + prefix=$MYROLE + CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) +fi + +SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + + rlPhaseStartSetup "Create Temporary Directory " + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-001: pki tks-user-cert help option" + local temp_out="$TmpDir/pki_user-cert" + rlLog "Executing pki tks-user-cert --help" + rlRun "pki tks-user-cert --help 1> $temp_out" 0 "pki tks-user-cert --help" + rlAssertGrep "Commands:" "$temp_out" + rlAssertGrep "tks-user-cert-find Find user certificates" "$temp_out" + rlAssertGrep "tks-user-cert-show Show user certificate" "$temp_out" + rlAssertGrep "tks-user-cert-add Add user certificate" "$temp_out" + rlAssertGrep "tks-user-cert-del Remove user certificate" "$temp_out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-002: pki tks-user-cert with junk characters should return invalid module" + local temp_out1="$TmpDir/pki_tks-user-cert001" + local rand=`cat /dev/urandom | tr -dc 'a-zA-Z0-9*?$@#!%^&*()' | fold -w 40 | head -n 1` + 
rlLog "Executing pki tks-user-cert \"$rand\" characters" + rlRun "pki tks-user-cert \"$rand\" 2> $temp_out1" 255 "Command pki tks-user-cert with junk characters" + rlAssertGrep "Error: Invalid module" "$temp_out1" + rlPhaseEnd + + rlPhaseStartCleanup "pki user-cert cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-del.sh new file mode 100755 index 000000000..189431a34 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-del.sh 
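Review bot: In test pki_tks_user_cli_tks_user_cert-002 the junk string is drawn from a set that includes `$`, `(`, `)`, `!`, `*` and `?`, and it is then placed inside escaped double quotes in the command string handed to rlRun. rlRun evaluates that string a second time, so sequences such as `$$`, `$#` or `$?` are expanded and a `$(` … `)` pair would be run as a command substitution. The argument that reaches pki can therefore differ from `$rand` between runs, and random text may be executed on the test host. The character set contains no single quote, so single-quoting keeps the value literal: `rlRun "pki tks-user-cert '$rand' 2> $temp_out1" 255 "Command pki tks-user-cert with junk characters"`. The `eval echo \$${subsystemId}_ADMIN_CERT_LOCATION` style lookups earlier in the same function re-parse function arguments as shell code in the same way; bash indirection (`name=${subsystemId}_ADMIN_CERT_LOCATION; ADMIN_CERT_LOCATION=${!name}`) reads the variable without eval.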
@@ -0,0 +1,690 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-user-cli +# Description: PKI tks-user-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tks-user-cli-tks-user-del Delete pki subsystem TKS users. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-del.sh +######################################################################## + +run_pki-tks-user-cli-tks-user-del_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + rlPhaseStartSetup "pki_tks_user_cli_tks_user_del-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + if [ "$tks_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-configtest-001: pki tks-user-del --help configuration test" + rlRun "pki tks-user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki tks-user-del --help" + rlAssertGrep "usage: tks-user-del <User ID>" "$TmpDir/user_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-configtest-002: pki tks-user-del configuration test" + rlRun "pki tks-user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki tks-user-del" + rlAssertGrep "usage: tks-user-del <User ID>" "$TmpDir/user_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_tks_user_cli_tks_user_del-003: Delete valid users" + user1=ca_agent2 + user1fullname="Test ca_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + #positive test cases + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test_user u$i" + let i=$i+1 + done + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u$i > $TmpDir/pki-tks-user-del-user1-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-user1-00$i.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u$i" + errmsg="UserNotFoundException: User u$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let i=$i+1 + done + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval usr=\$user$i + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test_user $usr" + let i=$i+1 + done + + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del $usr > $TmpDir/pki-tks-user-del-user2-00$j.out" \ + 0 
\ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-user2-00$j.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show $usr" + errmsg="UserNotFoundException: User $usr not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-004: Case sensitive userid" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test_user user_abc" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del USER_ABC > $TmpDir/pki-tks-user-del-user-002_1.out" \ + 0 \ + "Deleted user USER_ABC userid is not case sensitive" + rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-tks-user-del-user-002_1.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show user_abc" + errmsg="UserNotFoundException: User user_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-005: Delete user when required option user id is missing" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del > $TmpDir/pki-tks-user-del-user-003_1.out 2>&1" \ + 255 \ + "Cannot delete a user without userid" + rlAssertGrep "usage: tks-user-del <User ID>" 
"$TmpDir/pki-tks-user-del-user-003_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-006: Maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test \"$user2\" > $TmpDir/pki-tks-user-add-tks-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del \"$user2\" > $TmpDir/pki-tks-user-del-user-006.out" \ + 0 \ + "Deleting user with maximum user id length using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-tks-user-del-user-006.out | grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user \"$user2\" found" + else + rlFail "Deleted user \"$user2\" not found" + fi + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show \"$user2\"" + errmsg="UserNotFoundException: User \"$user2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-007: userid with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + userid=$userid$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + 
tks-user-add --fullName=test '$userid' > $TmpDir/pki-tks-user-add-tks-001_8.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum userid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del '$userid' > $TmpDir/pki-tks-user-del-user-007.out" \ + 0 \ + "Deleting user with maximum user id length and character symbols using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-tks-user-del-user-007.out| grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $userid" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user $userid found" + else + rlFail "Deleted user $userid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show '$userid' > $TmpDir/pki-tks-user-del-user-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted user with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-tks-user-del-user-007_2.out| grep 'UserNotFoundException:' | xargs echo` + expected_error_string="UserNotFoundException: User $userid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "UserNotFoundException: User $userid not found message found" + else + rlFail "UserNotFoundException: User $userid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-008: delete user that has all attributes and a certificate" + user1="testuser1" + user1fullname="Test tks_agent" + email="tks_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + pem_file="$TmpDir/testuser1.pem" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST 
\ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + $user1 > $TmpDir/pki-tks-user-add-tks-008.out" \ + 0 \ + "Add user $user1 to TKS -- all options provided" + #Add certificate to the user + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \ + \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output" + rlLog "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-cert-add $user1 --input $pem_file" + rlRun "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \ + 0 \ + "Cert is added to the user $user1" + #Add user to Administrator's group + gid="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add $user1 \"$gid\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-008.out" \ + 0 \ + "Adding user $user1 to group \"$gid\"" + #Delete user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del $user1 > $TmpDir/pki-tks-user-del-user-008.out" \ + 0 \ + "Deleting user $user1 with all attributes and a certificate" + rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-tks-user-del-user-008.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show $user1" + errmsg="UserNotFoundException: User $user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-009: Delete user from CA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-tks-user-add-tks-009.out" \ + 0 \ + "Add user u22 to CA" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + tks-user-del u22 > $TmpDir/pki-tks-user-del-user-009.out" \ + 0 \ + "Deleting user u22 using -t tks option" + rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-tks-user-del-user-009.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u22" + errmsg="UserNotFoundException: User u22 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-010: Should not be able to delete user using a revoked cert TKS_adminR" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-tks-user-add-tks-010.out" \ + 0 \ + "Add user u23 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u23 > $TmpDir/pki-tks-user-show-tks-001.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-tks-user-show-tks-001.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-tks-user-show-tks-001.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-tks-user-show-tks-001.out" + rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-011: Should not be able to delete user using a agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u23 > $TmpDir/pki-tks-user-show-tks-002.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-tks-user-show-tks-002.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-tks-user-show-tks-002.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-tks-user-show-tks-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + + #Cleanup:delete user u23 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u23 > $TmpDir/pki-tks-user-del-002_2.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-012: Should not be able to delete user using a valid agent TKS_agentV user" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"u24fullname\" u24 > 
$TmpDir/pki-tks-user-add-tks-012.out" \ + 0 \ + "Add user u24 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > $TmpDir/pki-tks-user-show-tks-003.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-003.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-003.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-013: Should not be able to delete user using a admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > 
$TmpDir/pki-tks-user-show-tks-004.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-004.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-004.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-014: Should not be able to delete a user using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" + errmsg="ClientResponseFailure: Error status 401 Unauthorized returned" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > $TmpDir/pki-tks-user-show-tks-005.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-005.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-005.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-015: Should not be able to delete user using a TKS_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to 
delete user u24 using a audit cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > $TmpDir/pki-tks-user-show-tks-006.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-006.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-006.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-016: Should not be able to delete user using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > $TmpDir/pki-tks-user-show-tks-007.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-007.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-007.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n role_user_UTCA \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u24" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c 
$UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > $TmpDir/pki-tks-user-show-tks-008.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-008.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-008.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-018: Should not be able to delete user using a user cert" + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + #Create a user cert + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) 
cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-del u24" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + cat $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tks-user-del-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-del-pkiUser1-002.out" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-show u24 > $TmpDir/pki-tks-user-show-tks-009.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-tks-009.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-tks-009.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tks-user-show-tks-009.out" + + #Cleanup:delete user u24 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u24 > $TmpDir/pki-tks-user-del-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-019: delete user name with i18n characters" + rlLog "tks-user-add username ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-tks-user-add-tks-001_19.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-tks-user-add-tks-001_19.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-tks-user-add-tks-001_19.out" + rlRun "pki -d $CERTDB_DIR \ + -n 
${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u19 > $TmpDir/pki-tks-user-del-001_19_3.out 2>&1" \ + 0 \ + "Delete user with name ÖrjanÄke i18n characters" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-tks-user-del-001_19_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u19" + errmsg="UserNotFoundException: User u19 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_del-020: delete username with i18n characters" + rlLog "tks-user-add username ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-tks-user-add-tks-001_20.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tks-user-add-tks-001_20.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-tks-user-add-tks-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u20 > $TmpDir/pki-tks-user-del-001_20_3.out 2>&1" \ + 0 \ + "Delete user with name ÉricTêko i18n characters" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-tks-user-del-001_20_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u20" + errmsg="UserNotFoundException: User u20 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected 
error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tks_user_cli_tks_user_del_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-find.sh
new file mode 100755
index 000000000..2d077be73
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-find.sh
@@ -0,0 +1,738 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-find To list users in TKS.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Laxmi Sunkara <lsunkara@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-find.sh
+########################################################################
+
+run_pki-tks-user-cli-tks-user-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory
+ rlPhaseStartSetup "pki tks tks-user-find Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tks_instance_created" = "TRUE" ] ; then
+ user1=tks_agent2
+ user1fullname="Test tks_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0 + + rlPhaseStartSetup "pki_tks_user_cli_tks_user_find-startup-addusers: Add users" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test_user u$i" + let i=$i+1 + done + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test_user $usr" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-configtest-001: pki tks-user-find --help configuration test" + rlRun "pki tks-user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki tks-user-find --help" + rlAssertGrep "usage: tks-user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out" + rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-configtest-002: pki tks-user-find configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki tks-user-find" + rlAssertGrep "Error: Certificate database not initialized." 
"$TmpDir/user_find_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-003: Find 5 users, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=5 > $TmpDir/pki-tks-user-find-001.out 2>&1" \ + 0 \ + "Found 5 users" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-user-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-004: Find non user, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=0 > $TmpDir/pki-tks-user-find-002.out 2>&1" \ + 0 \ + "Found no users" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-005: Find all users, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=$large_num > $TmpDir/pki-tks-user-find-003.out 2>&1" \ + 0 \ + "Find all users, large value as input" + result=`cat $TmpDir/pki-tks-user-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-006: Find all users, --size with maximum possible value as input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:9} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=$maximum_check > $TmpDir/pki-tks-user-find-003_2.out 2>&1" \ + 0 \ + "Find all users, maximum possible value as input" + result=`cat $TmpDir/pki-tks-user-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-007: Find all users, --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=$maximum_check > $TmpDir/pki-tks-user-find-003_3.out 2>&1" \ + 255 \ + "More than maximum possible value as input" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tks-user-find-003_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-008: Find users, check for negative input --size=-1" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=-1 > $TmpDir/pki-tks-user-find-004.out 2>&1" \ + 0 \ + "No users returned as the size entered is negative value" + rlAssertGrep "Number of entries returned 0" 
"$TmpDir/pki-tks-user-find-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-009: Find users for size input as noninteger, --size=abc" + size_noninteger="abc" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size=$size_noninteger > $TmpDir/pki-tks-user-find-005.out 2>&1" \ + 255 \ + "No users returned" + rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-tks-user-find-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-010: Find users, check for no input --size=" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --size= > $TmpDir/pki-tks-user-find-006.out 2>&1" \ + 255 \ + "No users returned, as --size= " + rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-tks-user-find-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-011: Find users, --start=10" + #Find the 10th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find > $TmpDir/pki-tks-user-find-007_1.out 2>&1" \ + 0 \ + "Get all users in TKS" + user_entry_10=`cat $TmpDir/pki-tks-user-find-007_1.out | grep "User ID" | head -11 | tail -1` + rlLog "10th entry=$user_entry_10" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --start=10 > $TmpDir/pki-tks-user-find-007.out 2>&1" \ + 0 \ + "Displays users from the 10th user and the next to the maximum 20 users, if available " + #First user in the response should be the 10th user $user_entry_10 + user_entry_1=`cat 
$TmpDir/pki-tks-user-find-007.out | grep "User ID" | head -1` + rlLog "1th entry=$user_entry_1" + if [ "$user_entry_1" = "$user_entry_10" ]; then + rlPass "Displays users from the 10th user" + else + rlFail "Display did not start from the 10th user" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-user-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-012: Find users, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --start=10000 > $TmpDir/pki-tks-user-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-013: Find users, --start with maximum possible input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:9} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-find --start=$maximum_check > $TmpDir/pki-tks-user-find-008_2.out 2>&1" \ + 0 \ + "Find users, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_find-014: Find users, --start with more than maximum possible input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=$maximum_check > $TmpDir/pki-tks-user-find-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tks-user-find-008_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=0 > $TmpDir/pki-tks-user-find-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-user-find-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=-1 > $TmpDir/pki-tks-user-find-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-tks-user-find-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-017: Find users for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start= > $TmpDir/pki-tks-user-find-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" 
"$TmpDir/pki-tks-user-find-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find > $TmpDir/pki-tks-user-find-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in TKS"
+ user_entry_12=`cat $TmpDir/pki-tks-user-find-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=12 --size=12 > $TmpDir/pki-tks-user-find-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-tks-user-find-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tks-user-find-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find > $TmpDir/pki-tks-user-find-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in TKS"
+ user_entry_12=`cat $TmpDir/pki-tks-user-find-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=12 --size=0 > $TmpDir/pki-tks-user-find-0014.out 2>&1" \
+ 
0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-find-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-021: Should not be able to find user using a revoked cert TKS_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-022: Should not be able to find users using an agent with revoked cert TKS_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI 
Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-023: Should not be able to find users using a valid agent TKS_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-find-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-025: Should not be able to find users using admin user with expired cert TKS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-find-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-026: Should not be able to find users using TKS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-find-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-027: Should not be able to find users using a TKS_auditV"
+ rlLog "Executing: pki -d 
$CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-find-auditV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-028: Should not be able to find users using a TKS_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-find-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ tks-user-find --start=1 --size=5 > $TmpDir/pki-tks-user-find-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest 
"pki_tks_user_cli_tks_user_find-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ 
tks-user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password tks-user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tks-user-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-find-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-031: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "tks-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-tks-user-find-001_31.out 2>&1" \
+ 0 \
+ "Adding fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --size=$maximum_check > 
$TmpDir/pki-user-show-tks-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tks-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-tks-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_find-032: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "tks-user-add user fullname ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-tks-001_32.out 2>&1" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-find --size=$maximum_check > $TmpDir/pki-user-show-tks-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-tks-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-tks-001_32_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup-021: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 27 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) 
created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
+
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-add.sh
new file mode 100755
index 000000000..ebaf23106
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-add.sh 
@@ -0,0 +1,694 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI user-cli-tks-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-membership-add Add TKS user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-membership-add.sh
+######################################################################################
+
+########################################################################
+run_pki-tks-user-cli-tks-user-membership-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_membership-add-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tks_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-002: pki tks-user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership > $TmpDir/pki_tks_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_tks_user_membership_cfg.out"
+ rlAssertGrep "tks-user-membership-find Find user memberships" 
"$TmpDir/pki_tks_user_membership_cfg.out"
+ rlAssertGrep "tks-user-membership-add Add user membership" "$TmpDir/pki_tks_user_membership_cfg.out"
+ rlAssertGrep "tks-user-membership-del Remove user membership" "$TmpDir/pki_tks_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-003: pki tks-user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-add --help > $TmpDir/pki_tks_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user-membership-add --help"
+ rlAssertGrep "usage: tks-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tks_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-004: pki tks-user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-add > $TmpDir/pki_tks_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki tks-user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified." 
"$TmpDir/pki_tks_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: tks-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tks_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-005: Add users to available groups using valid admin user TKS_adminV"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-user-membership-add-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-user-membership-add-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-user-membership-add-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-user-membership-add-user-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u$i > $TmpDir/pki-tks-user-membership-add-tks-user-show-tks-00$i.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval 
echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u$i \"$gid\" > $TmpDir/pki-tks-user-membership-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-add-groupadd-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find u$i > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-006: Add a user to all available groups using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-user-membership-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-user-membership-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-user-membership-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-user-membership-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show userall > 
$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-userall-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add userall \"$gid\" > $TmpDir/pki-tks-user-membership-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-add-groupadd-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tks-user-membership-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tks-user-membership-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-user-membership-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-user-membership-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show user1 > $TmpDir/pki-tks-user-membership-add-tks-user-show-tks-user1-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-user-membership-add-tks-user-show-tks-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add user1 \"Administrators\" > $TmpDir/pki-tks-user-membership-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tks-user-membership-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD tks-user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tks-user-membership-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD tks-user-membership-add testuser1 \"$dummy_group\""
+ rlLog "Executing: $command"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-009: Should be able to tks-user-membership-add user name with i18n characters"
+ rlLog "tks-user-add user fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='ÖrjanÄke' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='ÖrjanÄke' u9" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD 
tks-user-membership-add u9 \"Administrators\"" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-tks-user-membership-add-groupadd-009_2.out" \ + 0 \ + "Adding user with fullname ÖrjanÄke to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tks-user-membership-add-groupadd-009_2.out" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-tks-user-membership-add-groupadd-009_2.out" + rlLog "Check if the user is added to the group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD tks-user-membership-find u9" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-009_3.out" \ + 0 \ + "Check user with fullname ÖrjanÄke added to group Administrators" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-009_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-010: Should be able to tks-user-membership-add user to group id with i18n characters" + rlLog "tks-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" " + rlRun "pki -d $CERTDB_DIR \ + -n 
${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-user-membership-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-user-membership-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-user-membership-add-groupadd-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-add-groupadd-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-find u10 > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-010_3.out" \ + 0 \ + "Check user ÉricTêko added to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-011: Should not be able to tks-user-membership-add using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminR -c 
$CERTDB_DIR_PASSWORD tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-012: Should not be able to tks-user-membership-add using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using an agent with revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-013: Should not be able to tks-user-membership-add using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminE -c $CERTDB_DIR_PASSWORD tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using admin user with expired cert 
TKS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-014: Should not be able to tks-user-membership-add using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using TKS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-015: Should not be able to tks-user-membership-add using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using TKS_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-016: Should not be able to tks-user-membership-add using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using TKS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-017: Should not be able to tks-user-membership-add using TKS_admin_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-add using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + + #Usability tests + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-018: User associated with Administrators group only can create a new user" + local user2="testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-tks-user-membership-add-user-add-user2-018.out" \ + 0 \ + "Adding user $user2" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "$gid" + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding $user2 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add $user2 \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add $user2 \"$gid\" > $TmpDir/pki-tks-user-membership-add-groupadd-$user2-00$i.out" \ + 0 \ + "Adding user to all groups except administrators group \"$gid\"" + rlAssertGrep 
"Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-add-groupadd-$user2-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-$user2-00$i.out" + fi + let i=$i+1 + done + rlLog "Check users group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-find $user2 > $TmpDir/pki-tks-user-membership-find-groupadd-find-tks-$user2-019.out" \ + 0 \ + "Find tks-user-membership to groups of $user2" + rlAssertGrep "5 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-tks-$user2-019.out" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-user-membership-find-groupadd-find-tks-$user2-019.out" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlAssertNotGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-tks-$user2-019.out" + rlLog "$user2 is not added to $gid" + else + rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-tks-$user2-019.out" + fi + let i=$i+1 + done + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + local requestdn + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \ + \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $TKS_INST" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo 
\$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${TKS_INST}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user $user2" + #Trying to add a user using $user2 should fail since $user2 is not in Administrators group + local expfile="$TmpDir/expfile_$user2.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-tks-user-add-$user2-002.out" 255 "Should not be able to add users using a non Administrator user" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tks-user-add-$user2-002.out" + + #Add $user2 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-tks-user-membership-add-groupadd-usertest2-019_2.out" \ + 0 \ + "Adding user $user2 to group \"$groupid4\"" + rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-tks-user-membership-add-groupadd-usertest2-019_2.out" + rlAssertGrep "Group: $groupid4" "$TmpDir/pki-tks-user-membership-add-groupadd-usertest2-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-find $user2 > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-usertest1-019_3.out" \ + 0 \ + "Check tks-user-membership to group \"$groupid4\"" + rlAssertGrep "Group: $groupid4" "$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-usertest1-019_3.out" + + #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n $user2 \ + -c $TEMP_NSS_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=test_user u19 > $TmpDir/pki-tks-user-add-019_4.out" \ + 0 \ 
+ "Added new user using Admin user $user2" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-tks-user-add-019_4.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-tks-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-tks-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-add-019: Should not be able to add tks-user-membership to user that does not exist" + user="testuser4" + command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) tks-user-membership-add $user \"$groupid5\"" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add tks-user-membership to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartCleanup "pki_tks_user_cli_tks_user_membership-add-cleanup-001: Deleting the temp directory and users" + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 7 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-00$i.out" + let i=$i+1 + done + rlRun "pki -d 
$CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del userall > $TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del user1 > $TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del u19 > $TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-u19-001.out" \ + 0 \ + "Deleting user u19" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-tks-user-del-tks-tks-user-membership-add-user-del-tks-u19-001.out" + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 3 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-del testuser$i > $TmpDir/pki-tks-user-membership-add-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-tks-user-membership-add-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-group-del 'dadministʁasjɔ̃' > 
$TmpDir/pki-tks-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+# rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-del.sh
new file mode 100755
index 000000000..53baf8021
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-del.sh
@@ -0,0 +1,788 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI tks-user-membership-del TKS CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-tks-user-membership-add-tks.sh
+######################################################################################
+
+run_pki-tks-user-cli-tks-user-membership-del_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ tks_instance_created="False"
+
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_membership-del-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Available groups tks-group-find
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-002: pki tks-user-membership-del --help configuration test"
+ rlRun "pki tks-user-membership-del --help > $TmpDir/pki_tks_user_membership_del_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user-membership-del --help"
+ rlAssertGrep "usage: tks-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tks_user_membership_del_cfg.out"
+ rlAssertGrep "\--help Show help options"
"$TmpDir/pki_tks_user_membership_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-003: pki tks-user-membership-del configuration test" + rlRun "pki tks-user-membership-del > $TmpDir/pki_tks_user_membership_del_2_cfg.out 2>&1" \ + 255 \ + "pki tks-user-membership-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tks_user_membership_del_2_cfg.out" + rlAssertGrep "usage: tks-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tks_user_membership_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_user_membership_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-004: Delete tks-user-membership when user is added to different groups" + i=1 + while [ $i -lt 7 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-user-membership-add-tks-user-add-tks-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-show u$i > $TmpDir/pki-tks-user-membership-add-user-show-tks-00$i.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"u$i\"" 
"$TmpDir/pki-tks-user-membership-add-user-show-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-user-membership-add-user-show-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-user-membership-add-user-show-tks-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add u$i \"$gid\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-find u$i > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-del u$i \"$gid\" > $TmpDir/pki-tks-user-membership-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-tks-user-membership-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest 
"pki_tks_user_cli_tks_user_membership-del-005: Delete tks-user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-user-membership-add-tks-user-add-tks-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add userall \"$gid\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-find userall > $TmpDir/pki-tks-user-membership-add-groupadd-find-tks-userall-00$i.out" \ + 0 \ + "Check user membership with group \"$gid\"" + rlAssertGrep "Group: $gid" 
"$TmpDir/pki-tks-user-membership-add-groupadd-find-tks-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-del userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-del userall \"$gid\" > $TmpDir/pki-tks-user-membership-del-groupadd-tks-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-tks-user-membership-del-groupadd-tks-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add user1 \"Administrators\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added membership in 
\"Administrators\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-del user1 > $TmpDir/pki-tks-user-membership-del-groupadd-tks-user1-001.out 2>&1" \ + 255 \ + "Cannot delete user from group, Missing required option <Group id>" + rlAssertGrep "usage: tks-user-membership-del <User ID> <Group ID>" "$TmpDir/pki-tks-user-membership-del-groupadd-tks-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-007: Missing required option <User ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tks-user-membership-add-tks-user-add-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-add user2 \"Administrators\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tks-user-membership-del \"\" \"Administrators\" > 
$TmpDir/pki-tks-user-membership-del-groupadd-tks-user1-001.out 2>&1" \
+ 255 \
+ "cannot delete user from group, Missing required option <user id>"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-membership-del-groupadd-tks-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-008: Should not be able to tks-user-membership-del using a revoked cert TKS_adminR"
+ command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tks-user-membership using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-009: Should not be able to tks-user-membership-del using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tks-user-membership using a revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-010: Should not be able to tks-user-membership-del using a valid agent TKS_agentV user"
+
command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tks-user-membership using a valid agent cert TKS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-011: Should not be able to tks-user-membership-del using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-del using admin user with expired cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-012: Should not be able to tks-user-membership-del using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-del using TKS_agentE cert"
+ rlLog "PKI Ticket::
https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-013: Should not be able to tks-user-membership-del using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-del using TKS_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-014: Should not be able to tks-user-membership-del using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-del using TKS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-015: Should not be able to tks-user-membership-del using TKS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-user-membership-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tks_user_cli_tks_user_membership-del-016: Delete tks-user-membership for user fullname with i18n characters"
+ rlLog "tks-user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-user-membership-add-groupadd-tks-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-user-membership-del-groupadd-tks-017_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\""
"$TmpDir/pki-tks-user-membership-del-groupadd-tks-017_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-del-groupadd-tks-017_2.out"
+ rlLog "Delete tks-user-membership from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-tks-user-membership-del-017_3.out" \
+ 0 \
+ "Delete tks-user-membership from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-del-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find u10 > $TmpDir/pki-tks-user-membership-find-groupadd-find-tks-017_4.out" \
+ 0 \
+ "Find tks-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-tks-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-017: Delete tks-user-membership for user fullname with i18n characters"
+ rlLog "tks-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-tks-user-add-tks-018.out 2>&1" \
+ 0 \
+ "Adding user full name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tks-user-add-tks-018.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-user-add-tks-018.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u11
\"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-user-membership-del-groupadd-tks-018_2.out" \
+ 0 \
+ "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-del-groupadd-tks-018_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-del-groupadd-tks-018_2.out"
+ rlLog "Delete user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-user-membership-del-groupadd-del-018_3.out" \
+ 0 \
+ "Delete tks-user-membership from the group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-del-groupadd-del-018_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find u11 > $TmpDir/pki-tks-user-membership-del-groupadd-del-018_4.out" \
+ 0 \
+ "Find tks-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-user-membership-del-groupadd-del-018_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-018: Delete tks-user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tks-user-membership-del-user-del-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tks-user-membership-del-user-del-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-tks-user-membership-del-user-del-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tks-user-membership-del-user-del-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-del user123 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete tks-user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tks-user-membership-del-user-del-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tks-user-membership-del-user-del-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-user-membership-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tks-user-membership-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u12 \"$groupid4\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u12 \"$groupid1\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ group-member-find Administrators > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ group-member-find \"$groupid1\" > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u12 > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ group-member-find $groupid4 > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_7.out" \
+ 0 \
+ "List members of $groupid4 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ group-member-find \"$groupid1\" > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-del-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tks-user-membership-del-user-add-tks-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-tks-user-membership-add-groupadd-tks-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa
2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local
expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=test_user u9" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-tks-user-add-tks-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tks-user-add-tks-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-user-add-tks-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-tks-user-add-tks-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-tks-user-membership-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-tks-user-membership-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tks_user_cli_tks_user_membership-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 12 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del userall > $TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del user1 > $TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\""
"$TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del user2 > $TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-tks-user-del-tks-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del user123 > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del testuser1 > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-testuser1.out"
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-tks-user-del-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-del-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-find.sh
new file mode 100755
index 000000000..a35013209
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-find.sh
@@ -0,0 +1,727 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI user-cli-tks-user-membership-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-membership-find Find TKS user memberships.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-membership-find.sh
+######################################################################################
+
+run_pki-tks-user-cli-tks-user-membership-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_membership-find-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Local variables
+ #Available groups tks-group-find
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-002: pki tks-user-membership-find --help configuration test"
+ rlRun "pki tks-user-membership-find --help > $TmpDir/pki_tks_user_membership_find_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user-membership-find --help"
+ rlAssertGrep "usage: tks-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tks_user_membership_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_user_membership_find_cfg.out"
+
rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_tks_user_membership_find_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_tks_user_membership_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-003: pki tks-user-membership-find configuration test"
+ rlRun "pki tks-user-membership-find > $TmpDir/pki_tks_user_membership_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki tks-user-membership-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tks_user_membership_find_2_cfg.out"
+ rlAssertGrep "usage: tks-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tks_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_tks_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_tks_user_membership_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-004: Find tks-user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-user-membership-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-user-membership-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-user-membership-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-user-membership-find-user-find-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n
${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u$i > $TmpDir/pki-tks-user-membership-find-tks-user-show-tks-00$i.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tks-user-membership-find-tks-user-show-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-user-membership-find-tks-user-show-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-user-membership-find-tks-user-show-tks-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u$i \"$gid\" > $TmpDir/pki-tks-user-membership-find-groupadd-tks-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find u$i > $TmpDir/pki-tks-user-membership-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find tks-user-membership with group \"$gid\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-00$i.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tks-user-membership-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+
rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-005: Find tks-user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-user-membership-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-user-membership-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-user-membership-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-user-membership-find-user-find-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show userall > $TmpDir/pki-tks-user-membership-find-tks-user-show-tks-userall-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tks-user-membership-find-tks-user-show-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-user-membership-find-tks-user-show-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-user-membership-find-tks-user-show-tks-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add userall \"$gid\" > $TmpDir/pki-tks-user-membership-find-groupadd-tks-userall-00$i.out" \
+ 0 \
+ "Adding user userall to 
group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall > $TmpDir/pki-tks-user-membership-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find tks-user-membership to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-userall-00$i.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tks-user-membership-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-006: Find tks-user-membership of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=5 > $TmpDir/pki-tks-user-membership-find-groupadd-find-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-001.out"
+ rlAssertGrep "Group: $groupid6" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-001.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-007: Find all tks-user-memberships of a user (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=0 > $TmpDir/pki-tks-user-membership-find-groupadd-find-start-002.out" \
+ 0 \
+ "Checking user-mambership to group "
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-002.out"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-008: Find tks-user-memberships when page start is negative (start=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=-1 > $TmpDir/pki-tks-user-membership-find-groupadd-find-start-003.out" \
+ 0 \
+ "Checking tks-user-membership to group"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-003.out"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-003.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-009: Find tks-user-memberships when page start greater than available number of groups (start=7)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=7 > $TmpDir/pki-tks-user-membership-find-groupadd-find-start-004.out" \
+ 0 \
+ "Checking tks-user-membership to group"
+ rlAssertGrep "6 entries matched" 
"$TmpDir/pki-tks-user-membership-find-groupadd-find-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-membership-find-groupadd-find-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-010: Should not be able to find tks-user-membership when page start is non integer"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD tks-user-membership-find userall --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-011: Find tks-user-memberships when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=0 > $TmpDir/pki-tks-user-membership-find-groupadd-find-size-006.out" 0 \
+ "user_membership-find with size parameter as 0"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-012: Find tks-user-memberships when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=1 > $TmpDir/pki-tks-user-membership-find-groupadd-find-size-007.out" 0 \
+ "user_membership-find with size parameter as 1"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-007.out"
+ rlAssertGrep 
"Group: $groupid1" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-013: Find tks-user-memberships when page size is 2 (size=2)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=2 > $TmpDir/pki-tks-user-membership-find-groupadd-find-size-008.out" 0 \
+ "user_membership-find with size parameter as 2"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Group: $groupid2" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-014: Find tks-user-memberships when page size is 5 (size=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=5 > $TmpDir/pki-tks-user-membership-find-groupadd-find-size-009.out" 0 \
+ "user_membership-find with size parameter as 5"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-009.out"
+ i=1
+ while [ $i -lt 6 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-015: Find 
tks-user-memberships when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=100 > $TmpDir/pki-tks-user-membership-find-groupadd-find-size-0010.out" 0 \
+ "user_membership-find with size parameter as 100"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-0010.out"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-016: Find tks-user-memberships when page size is negative (size=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=-1 > $TmpDir/pki-tks-user-membership-find-groupadd-find-size-0011.out" 0 \
+ "user_membership-find with size parameter as -1"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-0011.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-user-membership-find-groupadd-find-size-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-017: Should not be able to find tks-user-membership when page size is non integer"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find userall --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as 
input to start parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-018: Find tks-user-membership with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=4 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=4 --size=5 > $TmpDir/pki-tks-user-membership-find-019.out" \
+ 0 \
+ "Find tks-user-membership with page start and page size option"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-tks-user-membership-find-019.out"
+ i=5
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tks-user-membership-find-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-tks-user-membership-find-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-019: Find tks-user-membership with --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --size=$maximum_check > $TmpDir/pki-tks-user-membership-find-020.out 2>&1" \
+ 255 \
+ "Find tks-user-membership with --size more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tks-user-membership-find-020.out"
+ rlPhaseEnd
+
+ 
rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-020: Find tks-user-membership with --start more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find userall --start=$maximum_check > $TmpDir/pki-tks-user-membership-find-021.out 2>&1" \
+ 255 \
+ "Find tks-user-membership with --start more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tks-user-membership-find-021.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-021: Should not be able to tks-user-membership-find using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-022: Should not be able to tks-user-membership-find using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h 
$SUBSYSTEM_HOST tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using an agent with revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-023: Should not be able to tks-user-membership-find using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a valid agent TKS_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-024: Should not be able to tks-user-membership-find using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a expired admin TKS_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest 
"pki_tks_user_cli_tks_user_membership-find-025: Should not be able to tks-user-membership-find using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a expired agent TKS_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-026: Should not be able to tks-user-membership-find using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a valid auditor TKS_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-027: Should not be able to tks-user-membership-find using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a valid operator TKS_operatorV user cert"
+ 
rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-028: Should not be able to tks-user-membership-find using TKS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD tks-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-user-membership using a untrusted role_user_UTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-029:Find tks-user-membership for user fullname with i18n characters"
+ rlLog "tks-user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Éric Têko' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='Éric Têko' u9" \
+ 0 \
+ "Adding uid ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-user-membership-add-groupadd-tks-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-031_1.out"
+ rlAssertGrep 
"Description: Admininstartors in French" "$TmpDir/pki-tks-user-membership-add-groupadd-tks-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-user-membership-find-groupadd-tks-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find u9 > $TmpDir/pki-tks-user-membership-find-groupadd-find-031_3.out" \
+ 0 \
+ "Find tks-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-find-groupadd-find-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-030: Find tks-user-membership for user fullname with i18n characters"
+ rlLog "tks-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-tks-user-add-tks-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u10\"" 
"$TmpDir/pki-tks-user-add-tks-032.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-user-add-tks-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-user-membership-find-groupadd-tks-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-find-groupadd-tks-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-membership-find u10 > $TmpDir/pki-tks-user-membership-find-groupadd-find-032_3.out" \
+ 0 \
+ "Find tks-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tks-user-membership-find-groupadd-find-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tks-user-membership-find-groupadd-find-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_membership-find-031: Find tks-user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"fullNameuser123\" 
user123 > $TmpDir/pki-tks-user-membership-find-user-find-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tks-user-membership-find-user-find-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-tks-user-membership-find-user-find-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tks-user-membership-find-user-find-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tks-user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-tks-user-membership-find-user-find-033_2.out" 0 "Find tks-user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-user-membership-find-user-find-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tks_user_cli_tks_user_membership-find-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c 
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del userall > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del user123 > $TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-tks-user-del-tks-user-membership-find-tks-user-del-tks-user123.out"
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-tks-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-mod.sh
new file mode 100755
index 000000000..5205f1edb
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-mod.sh
@@ -0,0 +1,1083 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-mod Modify existing users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tks-user-cli-tks-user-mod_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ TKS_HOST=$(eval echo \$${MYROLE})
+ TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+
+ user1=tks_user
+ user1fullname="Test tks user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ user1_mod_fullname="Test tks user modified"
+ user1_mod_email="testtksuser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-002: Modify a user's fullname in TKS using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tks-tks-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-tks-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-tks-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-tks-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, password ####
+
+ 
rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-003: Modify a user's email,phone,state,password in TKS using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-tks-tks-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-tks-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-tks-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tks-tks-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-tks-tks-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-tks-tks-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tks-tks-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > 
$TmpDir/pki-tks-tks-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-tks-tks-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tks-tks-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-tks-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-005:--email with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=\"$randsym\" u2 > $TmpDir/pki-tks-tks-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-tks-tks-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-tks-tks-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tks-tks-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### 
Modify a user's email with # character #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-006:--email with # character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email # u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email=# u3 > $TmpDir/pki-tks-tks-user-mod-006.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character" + rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-tks-tks-user-mod-006.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-tks-tks-user-mod-006.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-006.out" + rlAssertGrep "Email: #" "$TmpDir/pki-tks-tks-user-mod-006.out" + rlPhaseEnd + + #### Modify a user's email with * character #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-007:--email with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email * u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email=* u4 > $TmpDir/pki-tks-tks-user-mod-007.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character" + rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-tks-tks-user-mod-007.out" + rlAssertGrep "User ID: u4" 
"$TmpDir/pki-tks-tks-user-mod-007.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-007.out" + rlAssertGrep "Email: *" "$TmpDir/pki-tks-tks-user-mod-007.out" + rlPhaseEnd + + #### Modify a user's email with $ character #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-008:--email with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u5" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email $ u5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email=$ u5 > $TmpDir/pki-tks-tks-user-mod-008.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character" + rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-tks-tks-user-mod-008.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-tks-tks-user-mod-008.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-008.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-tks-tks-user-mod-008.out" + rlPhaseEnd + + #### Modify a user's email with value 0 #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-009:--email as number 0 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u6" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email 0 u6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --email=0 u6 > $TmpDir/pki-tks-tks-user-mod-009.out " \ + 0 \ + "Modified 
user using $(eval echo \$${subsystemId}_adminV_user) with --email 0" + rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-tks-tks-user-mod-009.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-tks-tks-user-mod-009.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-009.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-tks-tks-user-mod-009.out" + rlPhaseEnd + + #### Modify a user's state with characters and numbers #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-010:--state with characters and numbers " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u7" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-tks-tks-user-mod-010.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length" + rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-tks-tks-user-mod-010.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-tks-tks-user-mod-010.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-010.out" + rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-tks-user-mod-010.out" + rlPhaseEnd + + #### Modify a user's state with maximum length and symbols #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-011:--state with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + 
tks-user-add --fullName=test u8" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=\"$randsym\" u8" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=\"$randsym\" u8 > $TmpDir/pki-tks-tks-user-mod-011.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it" + actual_state_string=`cat $TmpDir/pki-tks-tks-user-mod-011.out | grep "State: " | xargs echo` + expected_state_string="State: $randsym" + rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-tks-tks-user-mod-011.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-tks-tks-user-mod-011.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-011.out" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "$expected_state_string found" + else + rlFail "$expected_state_string not found" + fi + rlPhaseEnd + + #### Modify a user's state with # character #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-012:--state with # character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u9" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state # u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=# u9 > $TmpDir/pki-tks-tks-user-mod-012.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character" + rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-tks-tks-user-mod-012.out" + rlAssertGrep 
"User ID: u9" "$TmpDir/pki-tks-tks-user-mod-012.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-012.out" + rlAssertGrep "State: #" "$TmpDir/pki-tks-tks-user-mod-012.out" + rlPhaseEnd + + #### Modify a user's state with * character #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-013:--state with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u10" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state * u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=* u10 > $TmpDir/pki-tks-tks-user-mod-013.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character" + rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-tks-tks-user-mod-013.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-tks-user-mod-013.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-013.out" + rlAssertGrep "State: *" "$TmpDir/pki-tks-tks-user-mod-013.out" + rlPhaseEnd + + #### Modify a user's state with $ character #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-014:--state with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u11" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state $ u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=$ u11 > 
$TmpDir/pki-tks-tks-user-mod-014.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character" + rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-tks-tks-user-mod-014.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-tks-user-mod-014.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-014.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-tks-tks-user-mod-014.out" + rlPhaseEnd + + #### Modify a user's state with number 0 #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-015:--state as number 0 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u12" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state 0 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --state=0 u12 > $TmpDir/pki-tks-tks-user-mod-015.out " \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0" + rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-tks-tks-user-mod-015.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-tks-user-mod-015.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-015.out" + rlAssertGrep "State: 0" "$TmpDir/pki-tks-tks-user-mod-015.out" + rlPhaseEnd + + #### Modify a user's phone with characters and numbers #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-016:--phone with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u13" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p 
$TKS_PORT \ + tks-user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-tks-tks-user-mod-016.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length" + rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-tks-tks-user-mod-016.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-tks-user-mod-016.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-016.out" + rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-tks-user-mod-016.out" + rlPhaseEnd + + #### Modify a user's phone with maximum length and symbols #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-017:--phone with maximum length and symbols " + randsym_b64=$(openssl rand -base64 8193 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test usr1" + special_symbols="#$@*" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --phone='$randsym$special_symbols' usr1" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with maximum length and numbers only #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-018:--phone with maximum length and numbers only " + randhex=$(openssl rand -hex 1024) + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog 
"Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --phone=\"$randsym\" usr1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-tks-tks-user-mod-018.out"\ + 0 \ + "Modify user with maximum length and numbers only" + rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-tks-tks-user-mod-018.out" + rlAssertGrep "User ID: usr1" "$TmpDir/pki-tks-tks-user-mod-018.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-018.out" + rlAssertGrep "Phone: $randsym" "$TmpDir/pki-tks-tks-user-mod-018.out" + rlPhaseEnd + + #### Modify a user's phone with # character #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-019:--phone with \# character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test usr2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --phone=\"#\" usr2" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with * character #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-020:--phone with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test usr3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --phone=\"*\" usr3" + errmsg="PKIException: 
LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with $ character #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-021:--phone with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test usr4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --phone $ usr4" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with negative number #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-022:--phone as negative number -1230 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u14" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --phone -1230 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --phone=-1230 u14 > $TmpDir/pki-tks-tks-user-mod-022.out " \ + 0 \ + "Modifying User --phone negative value" + rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-tks-tks-user-mod-022.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-tks-tks-user-mod-022.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-tks-user-mod-022.out" + rlAssertGrep "Phone: -1230" 
"$TmpDir/pki-tks-tks-user-mod-022.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/704" + rlPhaseEnd + + #### Modify a user - missing required option user id #### + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-023-tier1: Modify a user -- missing required option user id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname'" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id" + rlPhaseEnd + + #### Modify a user - all options provided #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-024-tier1: Modify a user -- all options provided" + email="tks_user2@myemail.com" + user_password="tksuser2Password" + phone="1234567890" + state="NC" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test u15" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15 > $TmpDir/pki-tks-tks-user-mod-025.out" \ + 0 \ + "Modify user u15 to TKS -- all options provided" + rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-tks-tks-user-mod-025.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-tks-tks-user-mod-025.out" + rlAssertGrep "Full name: $user1fullname" 
"$TmpDir/pki-tks-tks-user-mod-025.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tks-tks-user-mod-025.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-tks-user-mod-025.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tks-tks-user-mod-025.out" + rlPhaseEnd + + #### Modify a user - password less than 8 characters #### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-025: Modify user with --password " + userpw="pass" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod $user1 --fullName='$user1fullname' --password=$userpw" + errmsg="PKIException: The password must be at least 8 characters" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password" + rlPhaseEnd + +##### Tests to modify users using revoked cert##### + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-026: Should not be able to modify user using a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1_mod_fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using an agent user##### + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-028: Should not be able to modify user using a valid agent user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-029: Should not be able to modify user using an agent user with a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using expired cert##### + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-030: Should not be able to modify user using an admin user with expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-031: Should not be able to modify user using an agent user with an expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo 
\$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using audit users#####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-032: Should not be able to modify user using an auditor user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-033: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as TKS_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted TKS users#####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-034: Should not be able to modify user using a cert created from a untrusted TKS role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h
$TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-035: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName='$user1fullname' u17"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-036: Modify a user in TKS using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-037: Modify a user in TKS using TKS admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-show u16 > $TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-tks-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=\"\" u16 > $TmpDir/pki-tks-tks-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tks-tks-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-tks-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-tks-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-tks-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-tks-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-038: Modify a user in TKS using
TKS_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-show u16 > $TmpDir/pki-tks-tks-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-tks-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-tks-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-tks-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-tks-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-tks-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-039: Modify a user in TKS using an admin user in TKS - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-show u16 > $TmpDir/pki-tks-tks-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-tks-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-tks-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-tks-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-tks-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify TKS users with the same value ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-040: Modify a user in TKS
using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-show $user1 > $TmpDir/pki-tks-tks-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tks-tks-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-tks-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-tks-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tks-tks-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-tks-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-tks-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-tks-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify CA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-041: Modify a user in TKS using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-show u16 > $TmpDir/pki-tks-tks-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-tks-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-tks-user-mod-042_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-tks-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-tks-tks-user-mod-042_1.out"
+ rlLog
"Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --email=\"$email\" u16 > $TmpDir/pki-tks-tks-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tks-tks-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-tks-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-tks-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-tks-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify TKS users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-042: Modify a user's fullname having i18n chars in TKS using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-tks-tks-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-tks-tks-user-mod-043.out"
+ rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-tks-tks-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-tks-tks-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify TKS users
having i18n chars in email ####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_mod-043: Modify a user's email having i18n chars in TKS using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_tks_cleanup: Deleting role users"
+
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del usr$i > $TmpDir/pki-usr-del-tks-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-tks-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p
$TKS_PORT \
+ tks-user-del $i18nuser > $TmpDir/pki-tks-user-del-tks-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-tks-user-del-tks-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-show.sh
new file mode 100755
index 000000000..a030abf63
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-show.sh
@@ -0,0 +1,1121 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-user-cli
+# Description: PKI tks-user-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-user-cli-tks-user-show Show TKS users
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-show.sh
+######################################################################################
+
+########################################################################
+run_pki-tks-user-cli-tks-user-show_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_tks_user_cli_tks_user_show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=tks_agent2
+ user1fullname="Test tks_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+
+ rlPhaseStartTest "pki_tks_tks_user_show-configtest: pki tks-user-show configuration test"
+ rlRun "pki tks-user-show --help > $TmpDir/pki_tks_tks_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki tks-user-show"
+ rlAssertGrep "usage: tks-user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_tks_tks_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_tks_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized."
"$TmpDir/pki_tks_tks_user_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show TKS users ####
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-001: Add user to TKS using TKS_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user1 > $TmpDir/pki-tks-user-show-001.out" \
+ 0 \
+ "Show user $user1"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tks-user-show-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-show-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user2 > $TmpDir/pki-tks-user-show-001_1.out" \
+ 0 \
+ "Show $user2 user"
+ rlAssertGrep "User \"$user2\"" "$TmpDir/pki-tks-user-show-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-tks-user-show-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User
ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user3 > $TmpDir/pki-tks-user-show-001_2.out" \
+ 0 \
+ "Show $user3 user"
+ rlAssertGrep "User \"$user3\"" "$TmpDir/pki-tks-user-show-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-tks-user-show-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user4 > $TmpDir/pki-tks-user-show-001_3.out" \
+ 0 \
+ "Show $user4 user"
+ rlAssertGrep "User \"$user4\"" "$TmpDir/pki-tks-user-show-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-tks-user-show-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user5 > $TmpDir/pki-tks-user-show-001_4.out" \
+ 0 \
+ "Show $user5 user"
+ rlAssertGrep "User \"$user5\"" "$TmpDir/pki-tks-user-show-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-tks-user-show-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user6 > $TmpDir/pki-tks-user-show-001_5.out" \
+ 0 \
+ "Show $user6 user"
+ rlAssertGrep "User \"$user6\"" "$TmpDir/pki-tks-user-show-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-tks-user-show-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show $user7 > $TmpDir/pki-tks-user-show-001_6.out" \
+ 0 \
+
"Show user $user7"
+ rlAssertGrep "User \"$user7\"" "$TmpDir/pki-tks-user-show-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-tks-user-show-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u1 > $TmpDir/pki-tks-user-show-001_7.out" \
+ 0 \
+ "Show user u1"
+ rlAssertGrep "User \"u1\"" "$TmpDir/pki-tks-user-show-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tks-user-show-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-tks-user-show-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and
character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u2 > $TmpDir/pki-tks-user-show-001_8.out" \
+ 0 \
+ "Show user u2"
+ rlAssertGrep "User \"u2\"" "$TmpDir/pki-tks-user-show-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tks-user-show-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-tks-user-show-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u3 > $TmpDir/pki-tks-user-show-001_9.out" \
+ 0 \
+ "Add user u3"
+ rlAssertGrep "User \"u3\"" "$TmpDir/pki-tks-user-show-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tks-user-show-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tks-user-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV
\
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u4 > $TmpDir/pki-tks-user-show-001_10.out" \
+ 0 \
+ "Show user u4 using ${prefix}_adminV"
+ rlAssertGrep "User \"u4\"" "$TmpDir/pki-tks-user-show-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tks-user-show-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tks-user-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u5 > $TmpDir/pki-tks-user-show-001_11.out" \
+ 0 \
+ "Show user u5 using ${prefix}_adminV"
+ rlAssertGrep "User \"u5\"" "$TmpDir/pki-tks-user-show-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tks-user-show-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-tks-user-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u6 > $TmpDir/pki-tks-user-show-001_12.out" \
+ 0 \
+ "Show user u6 using ${prefix}_adminV"
+ rlAssertGrep "User
\"u6\"" "$TmpDir/pki-tks-user-show-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tks-user-show-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tks-user-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u7 > $TmpDir/pki-tks-user-show-001_13.out" \
+ 0 \
+ "Show user u7 using ${prefix}_adminV"
+ rlAssertGrep "User \"u7\"" "$TmpDir/pki-tks-user-show-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tks-user-show-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-tks-user-show-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tks-user-show-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tks-user-show-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u8 > $TmpDir/pki-tks-user-show-001_14.out" \
+ 0 \
+ "Show user u8 using ${prefix}_adminV"
+ rlAssertGrep "User \"u8\"" "$TmpDir/pki-tks-user-show-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tks-user-show-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-tks-user-show-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tks-user-show-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tks-user-show-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u9 > $TmpDir/pki-tks-user-show-001_15.out" \
+ 0 \
+ "Show user u9 using ${prefix}_adminV"
+ rlAssertGrep "User \"u9\"" "$TmpDir/pki-tks-user-show-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-user-show-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tks-user-show-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u10 > $TmpDir/pki-tks-user-show-001_16.out" \
+ 0 \
+ "Show user u10 using ${prefix}_adminV"
+ rlAssertGrep "User \"u10\"" "$TmpDir/pki-tks-user-show-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-user-show-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tks-user-show-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u11 > $TmpDir/pki-tks-user-show-001_17.out" \
+ 0 \
+ "Show user u11 using ${prefix}_adminV"
+ rlAssertGrep "User \"u11\"" "$TmpDir/pki-tks-user-show-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-user-show-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tks-user-show-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u12 > $TmpDir/pki-tks-user-show-001_18.out" \
+ 0 \
+ "Show pki ${prefix}_adminV user"
+ rlAssertGrep "User \"u12\"" "$TmpDir/pki-tks-user-show-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-user-show-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tks-user-show-001_18.out"
+ rlPhaseEnd
+
+ #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u13 > $TmpDir/pki-tks-user-show-001_19.out" \
+ 0 \
+ "Show user u13 using ${prefix}_adminV"
+ rlAssertGrep "User \"u13\"" "$TmpDir/pki-tks-user-show-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-user-show-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-show-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u14 > $TmpDir/pki-tks-user-show-001_24.out" \
+ 0 \
+ "Show user u14 using ${prefix}_adminV"
+ rlAssertGrep "User \"u14\"" "$TmpDir/pki-tks-user-show-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tks-user-show-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tks-user-show-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u15 > $TmpDir/pki-tks-user-show-001_25.out" \
+ 0 \
+ "Show user u15 using ${prefix}_adminV"
+ rlAssertGrep "User \"u15\"" "$TmpDir/pki-tks-user-show-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-tks-user-show-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-tks-user-show-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u16 > $TmpDir/pki-tks-user-show-001_26.out" \
+ 0 \
+ "Show user u16 using ${prefix}_adminV"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-show-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-show-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-tks-user-show-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u17 > $TmpDir/pki-tks-user-show-001_27.out" \
+ 0 \
+ "Show user u17 using ${prefix}_adminV"
+ rlAssertGrep "User \"u17\"" "$TmpDir/pki-tks-user-show-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-tks-user-show-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-tks-user-show-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u18 > $TmpDir/pki-tks-user-show-001_28.out" \
+ 0 \
+ "Show user u18 using ${prefix}_adminV"
+ rlAssertGrep "User \"u18\"" "$TmpDir/pki-tks-user-show-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-tks-user-show-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-tks-user-show-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u19 > $TmpDir/pki-tks-user-show-001_29.out" \
+ 0 \
+ "Show user u19 using ${prefix}_adminV"
+ rlAssertGrep "User \"u19\"" "$TmpDir/pki-tks-user-show-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-tks-user-show-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-tks-user-show-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u20 > $TmpDir/pki-tks-user-show-001_30.out" \
+ 0 \
+ "Show user u20 using ${prefix}_adminV"
+ rlAssertGrep "User \"u20\"" "$TmpDir/pki-tks-user-show-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tks-user-show-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-tks-user-show-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u21 > $TmpDir/pki-tks-user-show-001_31.out" \
+ 0 \
+ "Show user u21 using ${prefix}_adminV"
+ rlAssertGrep "User \"u21\"" "$TmpDir/pki-tks-user-show-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-tks-user-show-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-show-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-tks-user-show-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-029: Show user with -t tks option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ tks-user-show u22 > $TmpDir/pki-tks-user-show-001_32.out" \
+ 0 \
+ "Show user u22 using ${prefix}_adminV"
+ rlAssertGrep "User \"u22\"" "$TmpDir/pki-tks-user-show-001_32.out"
+ rlAssertGrep "User ID: u22" "$TmpDir/pki-tks-user-show-001_32.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-show-001_32.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-030: Add a user -- all options provided"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23" \
+ 0 \
+ "Adding user u23 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u23 > $TmpDir/pki-tks-user-show-001_33.out" \
+ 0 \
+ "Show user u23 using ${prefix}_adminV"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-show-001_33.out"
+ rlPhaseEnd
+
+ #Negative Cases
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-031: Missing required option user id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show"
+ rlLog "Executing $command"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-032: Checking if user id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show U23 > $TmpDir/pki-tks-user-show-001_35.out 2>&1" \
+ 0 \
+ "User ID is not case sensitive"
+ rlAssertGrep "User \"U23\"" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-show-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-033: Should not be able to show user using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-034: Should not be able to show user using a agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-035: Should not be able to show user using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-036: Should not be able to show user using a TKS_agentR user"
+ rlLog "To test error message consistency for the request pki_tks_user_cli_tks_user_show-034"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-037: Should not be able to show user using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-038: Should not be able to show user using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-039: Should not be able to show user using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-040: Should not be able to show user using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tks-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u23 > $TmpDir/pki-tks-user-show-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-show-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u13"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password tks-user-show u13" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tks-user-show-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-user-show-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-043: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show \"$user_length_exceed_max\" > $TmpDir/pki-tks-user-show-001_50.out 2>&1" \
+ 255 \
+ "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tks-user-show-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-044: user name with i18n characters"
+ rlLog "tks-user-add user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-tks-user-show-001_56.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u24 > $TmpDir/pki-tks-user-show-001_56_2.out" \
+ 0 \
+ "Show user name with 'ÖrjanÄke'"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tks-user-show-001_56_2.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tks-user-show-001_56_2.out"
+ rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-tks-user-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_user_cli_tks_user_show-045: user name with i18n characters"
+ rlLog "tks-user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-tks-user-show-001_57.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-show u25 > $TmpDir/pki-tks-user-show-001_57_2.out" \
+ 0 \
+ "Show user name with 'ÉricTêko'"
+ rlAssertGrep "User \"u25\"" "$TmpDir/pki-tks-user-show-001_57_2.out"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-tks-user-show-001_57_2.out"
+ rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-tks-user-show-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user)
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 26 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del u$i > $TmpDir/pki-tks-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tks-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tks-user-del $usr > $TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tks-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance is not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-add.sh
new file mode 100755
index 000000000..ac753574b
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-add.sh
@@ -0,0 +1,1453 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-add Add users to pki TPS subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-add.sh
+########################################################################
+run_pki-tps-user-cli-tps-user-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_add-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_tps_user_cli-configtest: pki tps-user --help configuration test"
+ rlRun "pki tps-user --help > $TmpDir/pki_tps_user_cfg.out 2>&1" \
+ 0 \
+ "pki tps-user --help"
+ rlAssertGrep "tps-user-find Find users" "$TmpDir/pki_tps_user_cfg.out"
+ rlAssertGrep "tps-user-show Show user" "$TmpDir/pki_tps_user_cfg.out"
+ rlAssertGrep "tps-user-add Add user" "$TmpDir/pki_tps_user_cfg.out"
+ rlAssertGrep "tps-user-mod Modify user" "$TmpDir/pki_tps_user_cfg.out"
+ rlAssertGrep "tps-user-del Remove user" "$TmpDir/pki_tps_user_cfg.out"
+ rlAssertGrep "tps-user-cert User certificate management commands" "$TmpDir/pki_tps_user_cfg.out"
+ rlAssertGrep "tps-user-membership User membership management commands" "$TmpDir/pki_tps_user_cfg.out"
+ rlPhaseEnd
+
+ 
rlPhaseStartTest "pki_tps_user_cli_tps_user_add-configtest: pki tps-user-add configuration test"
+ rlRun "pki tps-user-add --help > $TmpDir/pki_tps_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki tps-user-add --help"
+ rlAssertGrep "usage: tps-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--email <email> Email" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--password <password> Password" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--state <state> State" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlAssertGrep "\--type <type> Type" "$TmpDir/pki_tps_user_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add TPS users using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-001: Add a user to TPS using TPS_adminV"
+ user1=tps_agent2
+ user1fullname="Test tps_agent"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-001.out" 0 "Add user $user1 to TPS_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-tps-user-add-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-user-add-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog "user2=$user2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test \"$user2\" > $TmpDir/pki-tps-user-add-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-tps-user-add-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-003:User id with # character"
+ user3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user3 > $TmpDir/pki-tps-user-add-001_2.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-tps-user-add-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-tps-user-add-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-004:User id with $ character"
+ user4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user4 > $TmpDir/pki-tps-user-add-001_3.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-tps-user-add-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-tps-user-add-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-005:User id with @ character"
+ user5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user5 > $TmpDir/pki-tps-user-add-001_4.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-tps-user-add-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-tps-user-add-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-006:User id with ? character"
+ user6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user6 > $TmpDir/pki-tps-user-add-001_5.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with ? character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-tps-user-add-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-tps-user-add-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-007:User id as 0"
+ user7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user7 > $TmpDir/pki-tps-user-add-001_6.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-tps-user-add-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-tps-user-add-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head 
-n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-tps-user-add-001_7.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-tps-user-add-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tps-user-add-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-tps-user-add-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email='$email' u2 > $TmpDir/pki-tps-user-add-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-tps-user-add-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tps-user-add-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-tps-user-add-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-010:--email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=# u3 > $TmpDir/pki-tps-user-add-001_9.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-tps-user-add-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tps-user-add-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tps-user-add-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-011:--email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=* u4 > $TmpDir/pki-tps-user-add-001_10.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-tps-user-add-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tps-user-add-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tps-user-add-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-012:--email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=$ u5 > $TmpDir/pki-tps-user-add-001_11.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-tps-user-add-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tps-user-add-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-tps-user-add-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-013:--email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=0 u6 > $TmpDir/pki-tps-user-add-001_12.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-tps-user-add-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tps-user-add-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tps-user-add-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-tps-user-add-001_13.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-tps-user-add-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tps-user-add-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-tps-user-add-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tps-user-add-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tps-user-add-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | 
head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state='$state' u8 > $TmpDir/pki-tps-user-add-001_14.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-tps-user-add-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tps-user-add-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-tps-user-add-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tps-user-add-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tps-user-add-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-016:--state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=# u9 > $TmpDir/pki-tps-user-add-001_15.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tps-user-add-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-user-add-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tps-user-add-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-017:--state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=* u10 > $TmpDir/pki-tps-user-add-001_16.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tps-user-add-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-user-add-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tps-user-add-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-018:--state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=$ u11 > $TmpDir/pki-tps-user-add-001_17.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tps-user-add-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-user-add-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tps-user-add-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-019:--state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=0 u12 > $TmpDir/pki-tps-user-add-001_18.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --state 0"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tps-user-add-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-user-add-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tps-user-add-001_18.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-020:--phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ 
phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-tps-user-add-001_19.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --phone length"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-tps-user-add-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-user-add-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-add-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-021:--phone with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ phone=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-tps-user-add-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tps-user-add-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tps-user-add-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-022:--phone with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=# usr2 > $TmpDir/pki-tps-user-add-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tps-user-add-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tps-user-add-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-023:--phone with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=* usr3 > $TmpDir/pki-tps-user-add-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tps-user-add-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tps-user-add-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-024:--phone with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-tps-user-add-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tps-user-add-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-tps-user-add-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-025:--phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-tps-user-add-001_24.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-tps-user-add-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tps-user-add-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tps-user-add-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-026:--type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-tps-user-add-001_25.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-tps-user-add-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-tps-user-add-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-tps-user-add-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-027:--type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-tps-user-add-001_26.out" \
+ 0 \
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-tps-user-add-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-add-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-tps-user-add-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-028:--type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-tps-user-add-001_27.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-tps-user-add-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-tps-user-add-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-tps-user-add-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-029:--type Subsytem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-tps-user-add-001_28.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-tps-user-add-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-tps-user-add-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_28.out"
+ rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-tps-user-add-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-030:--type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-tps-user-add-001_29.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-tps-user-add-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-tps-user-add-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_29.out"
+ 
rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-tps-user-add-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-031:--type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-tps-user-add-001_30.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tps-user-add-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tps-user-add-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-tps-user-add-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-032:--type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-tps-user-add-001_31.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-tps-user-add-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-tps-user-add-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-tps-user-add-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-033:--type Dummy Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-tps-user-add-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-tps-user-add-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-tps-user-add-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-tps-user-add-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-tps-user-add-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-tps-user-add-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-034: Add a duplicate user to TPS"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"New user\" $user1 > $TmpDir/pki-tps-user-add-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-tps-user-add-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-036: Add a user -- missing required option user id"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" > $TmpDir/pki-tps-user-add-004.out" \
+ 255 \
+ "Add user -- missing required option user id"
+ rlAssertGrep "usage: tps-user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-tps-user-add-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-037: Add a user -- missing required option --fullName"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add $user1 > $TmpDir/pki-tps-user-add-005.out 2>&1"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-038: Add a user -- all options provided"
+ email="tps_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23 > $TmpDir/pki-tps-user-add-006_1.out" \
+ 0 \
+ "Add user u23 to TPS -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-add-006_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-039: Add user to multiple groups"
+ user=u24
+ userfullname="Multiple Group User"
+ email="multiplegroup@myemail.com"
+ user_password="admin2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$userfullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ $user > $TmpDir/pki-tps-user-add-006.out " \
+ 0 \
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-tps-user-add-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-add-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-tps-user-add-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-add-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-add-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-add-006.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-member-add Administrators $user > $TmpDir/pki-tps-user-add-007_1.out" \
+ 0 \
+ "Add user $user to Administrators group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-tps-user-add-007_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-tps-user-add-007_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-member-find Administrators > $TmpDir/pki-tps-user-add-007.out" \
+ 0 \
+ "Show pki tps-group-member-find Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-member-add \"TPS Agents\" $user > $TmpDir/pki-tps-user-add-007_1_1.out" \
+ 0 \
+ "Add user $user to TPS Agents group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-tps-user-add-007_1_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-tps-user-add-007_1_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-member-find \"TPS Agents\" > $TmpDir/pki-tps-user-add-007_2.out" \
+ 0 \
+ "Show pki tps-group-member-find TPS Agents"
+
+ rlAssertGrep "User: $user" "$TmpDir/pki-tps-user-add-007_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-040: Add user with --password less than 8 characters"
+ userpw="pass"
+ expmsg="PKIException: The password must be at least 8 characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-tps-user-add-008.out 2>&1" \
+ 255 \
+ "Add a user --must be at least 8 characters --password"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-tps-user-add-008.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using revoked cert#####
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-041: Should not be able to add user using a revoked cert TPS_adminR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-add-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_add-042: Should not be able to add user using a agent with revoked cert TPS_agentR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" 
"$TmpDir/pki-tps-user-add-revoke-agentR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + + ##### Tests to add users using an agent user##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-043: Should not be able to add user using a valid agent TPS_agentV user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-agentV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-add-agentV-002.out" + rlPhaseEnd + + ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA ##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-044: Should not be able to add user using a TPS_agentUTCA user" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-agentUTCA-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-add-agentUTCA-002.out" + rlPhaseEnd + + ##### Tests to add users using expired cert##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-045: Should not be able to add user using admin user with expired cert TPS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" 
$user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-adminE-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using an expired admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-add-adminE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tps-user-add-adminE-002.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-046: Should not be able to add user using TPS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-agentE-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-tps-user-add-agentE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tps-user-add-agentE-002.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to add users using officer users##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-047: Should not be able to add user using a TPS_officerV" + 
rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_officerV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_officerV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-officerV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a officer cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-add-officerV-002.out" + rlPhaseEnd + + + ##### Tests to add users using operator user### + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-048: Should not be able to add user using a TPS_operatorV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-operatorV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a operator cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-add-operatorV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-049: Should not be able to add user using a cert created from a untrusted TPS TPS_adminUTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-tps-user-add-adminUTCA-003.out 2>&1" \ + 255 \ + "Should not be able 
to add user $user1 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-add-adminUTCA-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-050: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test \"$user_length_exceed_max\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-tps-user-add-001_50.out 2>&1" \ + 255 \ + "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-tps-user-add-001_50.out" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tps-user-add-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-051: fullname with i18n characters" + rlLog "tps-user-add fullname Örjan Äke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-tps-user-add-001_51.out 2>&1" \ + 0 \ + "Adding u26 with full name Örjan Äke" + rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-tps-user-add-001_51.out" + rlAssertGrep "User ID: u26" "$TmpDir/pki-tps-user-add-001_51.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-tps-user-add-001_51.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-052: fullname with i18n characters" + rlLog "tps-user-add fullname Éric 
Têko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='Éric Têko' u27 > $TmpDir/pki-tps-user-add-001_52.out 2>&1" \ + 0 \ + "Adding u27 with full Éric Têko" + rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-tps-user-add-001_52.out" + rlAssertGrep "User ID: u27" "$TmpDir/pki-tps-user-add-001_52.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-tps-user-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-053: fullname with i18n characters" + rlLog "tps-user-add fullname éénentwintig dvidešimt with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-tps-user-add-001_53.out 2>&1" \ + 0 \ + "Adding fullname éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-tps-user-add-001_53.out" + rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-tps-user-add-001_53.out" + rlAssertGrep "User ID: u28" "$TmpDir/pki-tps-user-add-001_53.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u28 > $TmpDir/pki-tps-user-add-001_53_2.out 2>&1" \ + 0 \ + "Show user u28 with fullname éénentwintig dvidešimt in i18n characters" + rlAssertGrep "User \"u28\"" "$TmpDir/pki-tps-user-add-001_53_2.out" + rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-tps-user-add-001_53_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-054: fullname with i18n characters" + rlLog "tps-user-add fullname kakskümmend üks with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-tps-user-add-001_54.out 2>&1" \ + 0 \ + "Adding fillname kakskümmend üks with i18n characters" + rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-tps-user-add-001_54.out" + rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-tps-user-add-001_54.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u29 > $TmpDir/pki-tps-user-add-001_54_2.out" \ + 0 \ + "Show user u29 with fullname kakskümmend üks in i18n characters" + rlAssertGrep "User \"u29\"" "$TmpDir/pki-tps-user-add-001_54_2.out" + rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-tps-user-add-001_54_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-055: fullname with i18n characters" + rlLog "tps-user-add fullname двадцять один тридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-tps-user-add-001_55.out 2>&1" \ + 0 \ + "Adding fillname двадцять один тридцять with i18n characters" + rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-tps-user-add-001_55.out" + rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-tps-user-add-001_55.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u30 > $TmpDir/pki-tps-user-add-001_55_2.out" \ + 0 \ + "Show user u30 with fullname двадцять один тридцять in i18n characters" + rlAssertGrep "User \"u30\"" "$TmpDir/pki-tps-user-add-001_55_2.out" + rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-tps-user-add-001_55_2.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_tps_user_cli_tps_user_add-056: user id with i18n characters" + rlLog "tps-user-add userid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test 'ÖrjanÄke'" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test 'ÖrjanÄke'" + errmsg="IncorrectUserIdException" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-057: userid with i18n characters" + rlLog "tps-user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test 'ÉricTêko'" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test 'ÉricTêko'" + errmsg="IncorrectUserIdException" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-058: email address with i18n characters" + rlLog "tps-user-add email address negyvenkettő@qetestsdomain.com with i18n characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + rlLog "Executing $command" + 
errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-059: email address with i18n characters" + rlLog "tps-user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32" + rlLog "Executing $command" + errmsg="IncorrectPasswordException: Incorrect client security database password." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-060: password with i18n characters" + rlLog "tps-user-add password šimtaskolmkümmend with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-tps-user-add-001_60.out 2>&1" \ + 0 \ + "Adding password šimtaskolmkümmend with i18n characters" + rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-tps-user-add-001_60.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u31 > $TmpDir/pki-tps-user-add-001_60_2.out" \ + 0 \ + "Show user u31 with password šimtaskolmkümmend in i18n characters" + rlAssertGrep "User \"u31\"" 
"$TmpDir/pki-tps-user-add-001_60_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-061: password with i18n characters" + rlLog "tps-user-add password двадцяттридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-tps-user-add-001_61.out 2>&1" \ + 0 \ + "Adding password двадцяттридцять with i18n characters" + rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-tps-user-add-001_61.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u32 > $TmpDir/pki-tps-user-add-001_61_2.out" \ + 0 \ + "Show user u32 with password двадцяттридцять in i18n characters" + rlAssertGrep "User \"u32\"" "$TmpDir/pki-tps-user-add-001_61_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-062: type with i18n characters" + rlLog "tps-user-add type tjugo-tvåhetvenhét with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-tps-user-add-001_62.out 2>&1" \ + 0 \ + "Adding type tjugo-tvåhetvenhét with i18n characters" + rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-tps-user-add-001_62.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-tps-user-add-001_62.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u33 > $TmpDir/pki-tps-user-add-001_62_2.out" \ + 0 \ + "Show user u33 with type tjugo-tvåhetvenhét in i18n characters" + rlAssertGrep "User \"u33\"" "$TmpDir/pki-tps-user-add-001_62_2.out" + rlAssertGrep 
"Type: tjugo-tvåhetvenhét" "$TmpDir/pki-tps-user-add-001_62_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-063: type with i18n characters" + rlLog "tps-user-add type мiльйонтридцять with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --type='мiльйонтридцять' u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-tps-user-add-001_63.out 2>&1" \ + 0 \ + "Adding type мiльйонтридцять with i18n characters" + rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-tps-user-add-001_63.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-tps-user-add-001_63.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u34 > $TmpDir/pki-tps-user-add-001_63_2.out" \ + 0 \ + "Show user u34 with type мiльйонтридцять in i18n characters" + rlAssertGrep "User \"u34\"" "$TmpDir/pki-tps-user-add-001_63_2.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-tps-user-add-001_63_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-064: state with i18n characters" + rlLog "tps-user-add state čå with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --state='čå' u35 > $TmpDir/pki-tps-user-add-001_64.out 2>&1" \ + 0 \ + "Adding state 'čå' with i18n characters" + rlAssertGrep 
"Added user \"u35\"" "$TmpDir/pki-tps-user-add-001_64.out" + rlAssertGrep "State: čå" "$TmpDir/pki-tps-user-add-001_64.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u35 > $TmpDir/pki-tps-user-add-001_64_2.out" \ + 0 \ + "Show user u35 with state čå in i18n characters" + rlAssertGrep "User \"u35\"" "$TmpDir/pki-tps-user-add-001_64_2.out" + rlAssertGrep "State: čå" "$TmpDir/pki-tps-user-add-001_64_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-065: state with i18n characters" + rlLog "tps-user-add state йč with i18n characters" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test --state='йč' u36 > $TmpDir/pki-tps-user-add-001_65.out 2>&1" \ + 0 \ + "Adding state 'йč' with i18n characters" + rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-tps-user-add-001_65.out" + rlAssertGrep "State: йč" "$TmpDir/pki-tps-user-add-001_65.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u36 > $TmpDir/pki-tps-user-add-001_65_2.out" \ + 0 \ + "Show user u36 with state йč in i18n characters" + rlAssertGrep "User \"u36\"" "$TmpDir/pki-tps-user-add-001_65_2.out" + rlAssertGrep "State: йč" "$TmpDir/pki-tps-user-add-001_65_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-066: Should not be able to add user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" 
\"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test_user u39" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h 
$SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tps-user-add-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-add-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-067: Should not be able to add user using Normal user credential" + local pki_user="idm1_user_1" + local pki_user_fullName="Idm1 User 1" + local pki_pwd="Secret123" + rlLog "Create user $pki_user" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add $pki_user \ + --fullName \"$pki_user_fullName\" \ + --password $pki_pwd" 0 "Create $pki_user User" + local TEMP_NSS_DB="$TmpDir/nssdb" + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + tps-user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + tps-user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authentication method not allowed." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_add-068: Should not be able to add user using invalid user credential" + local invalid_pki_user=test1 + local invalid_pki_user_pwd=Secret123 + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $invalid_pki_user \ + -w $invalid_pki_user_pwd \ + tps-user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $invalid_pki_user \ + -w $invalid_pki_user_pwd \ + tps-user-add --fullName=test_user u39" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential" + rlPhaseEnd + + rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting users" + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 37 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del u$i > $TmpDir/pki-tps-user-del-tps-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-tps-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del '$usr' > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + actual_delete_user_string=`cat $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out | grep 'Deleted user' | xargs echo` + 
expected_delete_user_string="Deleted user $usr" + if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then + rlPass "Deleted user \"$usr\" found in $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" + else + rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" + fi + let j=$j+1 + done + #Deleting user idm_user_1 + local pki_user="idm1_user_1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del $pki_user > $TmpDir/pki-tps-user-del-user-tps-2_1.out" \ + 0 \ + "Deleted user $pki_user" + rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-tps-user-del-user-tps-2_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TPS instance not created." + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-add.sh new file mode 100755 index 000000000..af25eb91e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-add.sh 
@@ -0,0 +1,2288 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-cert-add Add certs to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-cert-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tps-user-cli-tps-user-cert-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ ##### Create a temporary directory to save output files and initializing host/port variables #####
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_cert-add-startup: Create temporary directory and initializing host/port variables"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to add certs to TPS users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-002: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_002crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out" +
rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_003crmf$i.out" + + let i=$i+1 + done + rlPhaseEnd + + ##### Add expired cert to a user ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-004: Adding expired cert to a user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$user2fullname\" $user2" + local validityperiod="1 day" + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + local cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local 
valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_expiredcert_004pkcs10.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_expiredcert_004pkcs10.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 
'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_004crmf.out > $TmpDir/pki_tps_tps_user_cert_add_expiredcert_004crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_expiredcert_004crmf.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + +rlPhaseEnd + +#### Add a revoked cert to a user ### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-005: Add revoked cert to a user should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR 
cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_005pkcs10.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_tps_tps_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_005pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" 
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_005crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_005crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_tps_tps_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ 
+ -p $TPS_PORT \ + tps-user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add-CA_validcert_005crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_005crmf.out" + +rlPhaseEnd + + ##### Add one cert to a user - User ID missing ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-006: Add one cert to a user should fail when USER ID is missing" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" 
cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_006pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_006crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_006crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add --input $TmpDir/pki_tps_tps_user_cert_add_validcert_006pkcs10.pem" + errmsg="Error: No User ID specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add --input $TmpDir/pki_tps_tps_user_cert_add_validcert_006crmf.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" +rlPhaseEnd + + ##### Add one cert to a user - --input parameter missing ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"New User1\" u1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2" + errmsg="Error: Missing input file or serial number." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del u1" +rlPhaseEnd + +##### Add one cert to a user - argument for --input parameter missing ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-008: Add one cert to a user should fail when argument for the --input param is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2 --input" + errmsg="Error: Missing argument for option: input" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing" +rlPhaseEnd + + ##### Add one cert to a user - Invalid cert ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-009: Add one cert to a user should fail when the cert is invalid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END 
CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_009crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tps_tps_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tps_tps_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2
--input $TmpDir/pki_tps_tps_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0011pkcs10.out" 0 "Executing
pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan
Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2"
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0012pkcs10.pem"
+
+
rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR
cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer:
$ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-add-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0013pkcs10.out >
$TmpDir/pki_tps_tps_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+
target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber"
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN
CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+
organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2"
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show
$valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\"
subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out"
+
rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded >
$TmpDir/pki_tps_tps_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0016pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0016pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD 
request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0016crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0016crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" 
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0016crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'ClonedSubsystems' ##### +rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'" + local userid="ClonedSubsystems_user" + local userFullname="ClonedSubsystems User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > 
$TmpDir/pki_tps_tps_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0017pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0017pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD 
request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0017crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0017crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" 
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0017crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Trusted Managers' ##### +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0018: Add cert to a user of type 'Trusted Managers'" + local userid="Trusted_Managers_user" + local userFullname="Trusted Managers User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > 
$TmpDir/pki_tps_tps_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0018pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0018pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD 
request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0018crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0018crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" 
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0018crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del $userid" + rlPhaseEnd + +##### Usability Tests ##### + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add Administrators admin_user > $TmpDir/pki-tps-user-add-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add Administrators admin_user1 > $TmpDir/pki-tps-user-add-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB 
tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END 
CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0019crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add admin_user --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0019pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add admin_user --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019pkcs10.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tps_tps_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u"" + + rlLog 
"pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tps_tps_user_cert_add_useradd_0019.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tps_tps_user_cert_add_useradd_0019.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tps_tps_user_cert_add_useradd_0019.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tps_tps_user_cert_add_useradd_0019.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add admin_user1 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0019crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add admin_user1 --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" 
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0019crmf.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tps_tps_user_cert_add_validcert_0019crmf.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tps_tps_user_cert_add_useradd_0019crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tps_tps_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tps_tps_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tps_tps_user_cert_add_useradd_0019crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-del Administrators admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-del Administrators admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del admin_user1" + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del new_test_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del new_test_user2" +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid agent user ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-TPS-0020: Adding a cert as a TPS agent user should fail" + local userid="new_user1" + local userFullname="New User1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki 
cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0021pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0021crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0021pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid TPS agent user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0021crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid TPS agent user" + +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid officer user ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0021: Adding a cert as valid TPS officer user should fail" + local userid="new_user2" + local userFullname="New User2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0022pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n 
'/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0022crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0022pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a TPS officer user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0022crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as " +rlPhaseEnd + +##### Add one cert to a user - authenticating as an admin user with expired cert ##### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0022: Adding a cert as TPS_adminE should fail" + local userid="new_user3" + local userFullname="New User3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD 
request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\"
\"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local
valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin
user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0025pkcs10.out >
$TmpDir/pki_tps_tps_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
$TmpDir/pki_tps_tps_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol:
port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TPS_HOST -p $TPS_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TPS_HOST -p $TPS_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+
errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_adminUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as TPS_agentUTCA #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0027: Adding a cert as TPS_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local
valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_agentUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user TPS_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an
TPS_operatorV #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-TPS-add-0028: Adding a cert as TPS_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep
decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-TPS-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false
req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0030pkcs10.pem"
+
errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR
cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add --input $TmpDir/pki_tps_tps_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer:
$ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate
\"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --serial=$valid_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + 
tps-user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0032crmf.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del $userid" + rlPhaseEnd + +#### Add a cert to a user using --serial option with decimal value" #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0032: Add one cert to a user with --serial option decimal" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering 
organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033pkcs10.out" + + rlRun 
"generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_add_useraddcert_0033crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del $userid" + rlPhaseEnd + +#### Add one cert to a user with both --serial and --input options #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0033: Add one cert to a user with --serial and --input options should fail" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0034pkcs10.pem" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tps_tps_user_cert_add_validcert_0034pkcs10.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tps_tps_user_cert_add_validcert_0034pkcs10.pem" + errmsg="Error: Conflicting options: --input and --serial." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_tps_tps_user_cert_add_validcert_0034crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $userid 
--serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tps_tps_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tps_tps_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0035: Add one cert to a user with missing argument for
--serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $userid"
+rlPhaseEnd
+#rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0038: client cert authentication using cross certification"
+# local
userid="new_adminV" +# local username="NEW CA Admin User" +# cat /etc/redhat-release | grep "Fedora" +# if [ $? -eq 0 ] ; then +# FLAVOR="Fedora" +# rlLog "Automation is running against Fedora" +# else +# FLAVOR="RHEL" +# rlLog "Automation is running against RHEL" +# fi +# rhcs_install_set_ldap_vars +# rlRun "mkdir $NEWCA_CLIENT_DIR" +# rlRun "mkdir $NEWCA_CERTDB_DIR" +# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME" +# rlRun "sleep 10" +# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG +# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG +# 
rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS" +# rlRun "sleep 10" +# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT tps-user-add --fullName=\"$username\" $userid" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# tps-user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA" +# +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# tps-group-member-add Administrators $userid > $TmpDir/pki-tps-user-add-newca-group001.out 2>&1" \ +# 0 \ +# "Add user $userid to Administrators group" +# +# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ +# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ +# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ +# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ +# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" +# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) +# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) +# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > 
$TmpDir/pki_tps_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" +# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_tps_user_cert_add-CA_validcert_0038pkcs10.pem" + +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# ca-user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_tps-user-cert-add-newca.out 2>&1" \ +# 0 \ +# "Added cert to user $userid" + +# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_tps_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" +# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_tps_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" + +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" + +# rlRun "systemctl restart pki-tomcatd@pki-new.service" +# rlRun "sleep 10" +# rlRun "systemctl restart pki-tomcatd@pki-master.service" +# rlRun "sleep 10" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n $userid \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# tps-user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA" + +# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\"" + +# rlRun "pkidestroy -s CA -i pki-new" +# rlRun "sleep 10" +# rlRun "remove-ds.pl -f -i slapd-pki-newca" +# rlRun "sleep 10" +# rlRun "rm -rf $NEWCA_CLIENT_DIR" +# rlFail "PKI ticket: 
https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanp "pki_tps_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-delete.sh
new file mode 100755
index 000000000..e7286a8f1
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-delete.sh
@@ -0,0 +1,840 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-cert-delete Delete the certs assigned to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-cert-delete.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tps-user-cli-tps-user-cert-delete_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ ##### Create temporary directory to save output files#####
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_cert-del-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_tps_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Tests to delete certs assigned to TPS users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-002: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show
$valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert 
is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_tps_user_cert_del_002pkcs10.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_del_002pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-del $user1 
\"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_tps_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-003: pki tps-user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} +
serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \ +
tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-004: pki tps-user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-005: pki tps-user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \ +
tps-user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-006: pki tps-user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-007: pki tps-user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_agentV #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-008: Delete certs assigned to a user - as TPS_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-tps-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_officerV #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-009: Delete certs assigned to a user - as TPS_officerV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1
'2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a valid officer cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a valid officer cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_adminE #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0010: Delete certs assigned to a user - as TPS_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki
tps-user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_agentE #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0011: Delete certs assigned to a user - as TPS_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1
'2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_adminR #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0012: Delete certs assigned to a user - as TPS_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket:
https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_agentR #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0013: Delete certs assigned to a user - as TPS_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1
'2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_operatorV #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-TPS-0015: Delete certs assigned to a user - as TPS_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c
$CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete
certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to TPS users - i18n characters ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST
protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded >
$TmpDir/pki_tps_tps_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_tps_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d
$CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_tps_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-del-tps-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add Administrators admin_user > $TmpDir/pki-tps-user-add-tps-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add
--fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add Administrators admin_user1 > $TmpDir/pki-tps-user-add-tps-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local
valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_tps_tps_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add admin_user --input $TmpDir/pki_tps_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add admin_user --input $TmpDir/pki_tps_tps_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tps_tps_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tps_tps_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tps_tps_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tps_tps_user_cert_del_useradd_0020.out"
+
rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tps_tps_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_tps_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT tps-user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add admin_user1 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add admin_user1 --input $TmpDir/pki_tps_tps_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_tps_tps_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tps_tps_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c
$TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tps_tps_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tps_tps_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tps_tps_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tps_tps_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_tps_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_tps_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT tps-user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del Administrators admin_user"
+
+
rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-find.sh
new file mode 100755
index 000000000..1e10b5cda
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-find.sh
@@ -0,0 +1,1072 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-cert-find Finding the certs assigned to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-tps-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tps-user-cli-tps-user-cert-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ #####Create temporary dir to save the output files#####
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_cert-find-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval
${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user=${caId}_agentV
+admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Find certs assigned to a TPS user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-002: Find the certs of a user in TPS --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT
cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input
$TmpDir/pki_tps_tps_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 > $TmpDir/pki_tps_tps_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Subject:
UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-003: Find the certs of a user in TPS --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local
valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add
$user2 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 > $TmpDir/pki_tps_tps_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+
rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tps_tps_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-004: Find the certs of a user in TPS --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-005: Find the certs of a user in TPS --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user3 > $TmpDir/pki_tps_tps_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-006: Find the certs of a user in TPS --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --size=2 > $TmpDir/pki_tps_tps_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}"
"$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_tps_tps_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=0 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-007: Find the certs of a user in TPS --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --size=0 > $TmpDir/pki_tps_tps_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tps_tps_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with
--size=-1 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-008: Find the certs of a user in TPS --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-009: Find the certs of a user in TPS --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --size=50 > $TmpDir/pki_tps_tps_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}"
"$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-010: Find the certs of a user in TPS --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=2 > $TmpDir/pki_tps_tps_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 
2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_tps_tps_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-011: Find the certs of a user in TPS --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=0 > $TmpDir/pki_tps_tps_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-012: Find the certs of a 
user in TPS --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=0 > $TmpDir/pki_tps_tps_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+ rlAssertGrep "Subject: 
UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tps_tps_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=-1 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_tps_user_cert-find-013: Find the certs of a user in TPS --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=50 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-014: Find the certs of a user in TPS --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=50 > $TmpDir/pki_tps_tps_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tps_tps_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-015: Find the certs of a user in TPS --start=0 and size=0"
+ rlLog "Executing: pki -d 
$CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_tps_tps_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tps_tps_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-016: Find the certs of a user in TPS --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h 
$CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $newuserid --input $TmpDir/pki_tps_tps_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p 
$TPS_PORT \
+ tps-user-cert-add $newuserid --input $TmpDir/pki_tps_tps_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $newuserid --input $TmpDir/pki_tps_tps_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $newuserid --input $TmpDir/pki_tps_tps_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $newuserid > $TmpDir/pki_tps_tps_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-017: Find the certs of a user in TPS --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-018: Find the certs of a user in TPS --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_tps_tps_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+ 
rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_tps_tps_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-019: Find the certs of a user in TPS --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_tps_tps_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 
2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tps_tps_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-020: Find the certs of a user in TPS --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_tps_tps_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+ rlAssertGrep 
"Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_tps_tps_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-021: Find the certs of a user in TPS --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_tps_tps_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" 
"$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to TPS users - i18n characters ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > 
$TmpDir/pki_tps_tps_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_tps_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_tps_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_tps_tps_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_tps_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added 
to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-find $user1 > $TmpDir/pki_tps_tps_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" 
"$TmpDir/pki_tps_tps_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-023: Find the certs of a user as TPS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message tps-user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a valid officer user ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-024: Find the certs of a user as TPS_officerV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as a valid officer user"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-025: Find the certs of a user as TPS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as 
an admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-026: Find the certs of a user as TPS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-027: Find the certs of a user as TPS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-028: Find the certs of a user as TPS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day
ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a user whose TPS cert has not been trusted ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-031: Find the certs of a user as a user
not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - userid is missing ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-tps-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-find-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-show.sh
new file mode 100755
index 000000000..30fb27ac1
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-show.sh
@@ -0,0 +1,1067 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-cert-show Show the certs assigned to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-cert-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-tps-user-cli-tps-user-cert-show_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_cert-show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval
${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to find certs assigned to TPS users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun
"sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_tps_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_002crmf.out > $TmpDir/pki_tps_user_cert_show_validcert_002crmf.pem"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_show_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-003: pki tps-user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT
tps-user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-004: pki tps-user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show testuser4
'2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-005: pki tps-user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when there is a User ID and Cert ID
mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-006-: pki tps-user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-007-: pki tps-user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+
rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
"$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-009: pki tps-user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0010: pki tps-user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [
$dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" \ + 0 \ + "Show cert 
assigned to $user2 with --output option" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out" + rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" + + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - no User ID ##### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0012: pki tps-user-cert-show with --output option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo 
\$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - no Cert ID ##### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0013: pki tps-user-cert-show with --output option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0014: pki tps-user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0015: pki tps-user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0017: pki tps-user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0018: pki tps-user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0019-: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_tps_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_tps_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_pkcs10_output0019 > $TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_crmf_output0019 > $TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_agentV #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0020: Show certs assigned to a user - as TPS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_officerV #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0021: Show certs assigned to a user - as TPS_officerV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a valid officer cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a valid officer cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_adminE #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0022: Show certs assigned to a user - as TPS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_agentE #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0023: Show certs assigned to a user - as TPS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_adminR #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0024: Show certs assigned to a user - as TPS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_agentR #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0025: Show certs assigned to a user - as TPS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS operator user #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0027: Show certs assigned to a user - as TPS operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval
echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_pkcs10_output0028" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_pkcs10_output0028 > $TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "\-----END CERTIFICATE-----" 
"$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0028" + rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_crmf_output0028" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_crmf_output0028 > $TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Cert ID: 
2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0028" + rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlPhaseEnd + + ##### Show certs asigned to a user - as a user not associated with any role##### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0029: Show certs assigned to a user - as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 
'2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show shouls fail when authenticating with an user not associated with any role" + + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show shouls fail when authenticating with an user not associated with any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Show certs asigned to a user - switch position of the required options##### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0030: Show certs assigned to a user - switch position of the required options" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" + errmsg="User Not Found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/968" + rlPhaseEnd + + ##### Show certs asigned to a user - incomplete Cert ID ##### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-0031: pki tps-user-cert-show should fail if an incomplete Cert ID 
is provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when an incomplete Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-show should fail when an incomplete Cert ID is provided" + rlPhaseEnd + + ### Tests to show certs assigned to TPS users - i18n characters #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-show-032: Show certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local 
STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_tps_user_cert_show_validcert_0032pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_tps_user_cert_show_validcert_0032crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_0032.out" \ + 0 \ + "Cert is added to 
the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_crmf_0032.out" \ + 0 \ + 
"Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" + + rlPhaseEnd + + #===Deleting users===# +rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting role users" + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "TPS instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert.sh new file mode 100755 index 000000000..995990cb7 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert.sh 
@@ -0,0 +1,99 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-cert CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki tps-user-cert cli commands needs to be tested:
+# pki-tps-user-cert
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+# pki tps-user-cert ran without any options should show all the command line options of pki cert
+run_pki-tps-user-cert()
+{
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+
+ rlPhaseStartSetup "Create Temporary Directory "
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-001: pki tps-user-cert help option"
+ local temp_out="$TmpDir/pki_user-cert"
+ rlLog "Executing pki tps-user-cert --help"
+ rlRun "pki tps-user-cert --help 1> $temp_out" 0 "pki tps-user-cert --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep "tps-user-cert-find Find user certificates" "$temp_out"
+ rlAssertGrep "tps-user-cert-show Show user certificate" "$temp_out"
+ rlAssertGrep "tps-user-cert-add Add user certificate" "$temp_out"
+ rlAssertGrep "tps-user-cert-del Remove user certificate" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-002: pki tps-user-cert with junk characters should return invalid module"
+ local temp_out1="$TmpDir/pki_tps-user-cert001"
+ local rand=`cat /dev/urandom | tr -dc 'a-zA-Z0-9*?$@#!%^&*()' | fold -w 40 | head -n 1`
+ rlLog "Executing pki tps-user-cert \"$rand\" characters"
+ rlRun "pki tps-user-cert \"$rand\" 2> $temp_out1" 255 "Command pki tps-user-cert with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki user-cert cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-del.sh
new file mode 100755
index 000000000..db3870118
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-del.sh
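Review bot: In test 002 of pki-tps-user-cli-tps-user-cert.sh the random string is drawn from a set that includes `$`, `(` and `)` and is then placed between escaped double quotes inside the command string handed to rlRun, which evaluates that string as shell. A draw containing `$(`…`)`, `$$`, `$#` or `$?` is therefore expanded or run as a command substitution instead of reaching `pki` literally, so the input under test varies from run to run in ways the assertion does not account for and the harness may try to execute whatever the random text spells. The set contains no single quote, so `rlRun "pki tps-user-cert '$rand' 2> $temp_out1" 255 "Command pki tps-user-cert with junk characters"` keeps the value literal through the second parse. The `$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)` style lookups at the top of `run_pki-tps-user-cert` re-parse `$1` and `$3` in the same way; bash indirect expansion, e.g. `name=${subsystemId}_ADMIN_CERT_LOCATION; ADMIN_CERT_LOCATION=${!name}`, reads the variable without eval.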
@@ -0,0 +1,692 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli +# Description: PKI tps-user-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tps-user-cli-tps-user-del Delete pki subsystem TPS users. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-del.sh +######################################################################## + +run_pki-tps-user-cli-tps-user-del_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + + rlPhaseStartSetup "pki_tps_user_cli_tps_user_del-tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + if [ "$tps_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_tps_user_cli_tps_user_del-tps-configtest-001: pki tps-user-del --help configuration test" + rlRun "pki tps-user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki tps-user-del --help" + rlAssertGrep "usage: tps-user-del <User ID>" "$TmpDir/user_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_del-tps-configtest-002: pki tps-user-del configuration test" + rlRun "pki tps-user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki tps-user-del" + rlAssertGrep "usage: tps-user-del <User ID>" "$TmpDir/user_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_tps_user_cli_tps_user_del-003: Delete valid users" + user1=ca_agent2 + user1fullname="Test ca_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + #positive test cases + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test_user u$i" + let i=$i+1 + done + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del u$i > $TmpDir/pki-tps-user-del-user1-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-user1-00$i.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u$i" + errmsg="UserNotFoundException: User u$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let i=$i+1 + done + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval usr=\$user$i + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test_user $usr" + let i=$i+1 + done + + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del $usr > $TmpDir/pki-tps-user-del-user2-00$j.out" \ + 0 
\
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-004: Case sensitive userid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test_user user_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del USER_ABC > $TmpDir/pki-tps-user-del-user-002_1.out" \
+ 0 \
+ "Deleted user USER_ABC userid is not case sensitive"
+ rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-tps-user-del-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del > $TmpDir/pki-tps-user-del-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: tps-user-del <User ID>"
"$TmpDir/pki-tps-user-del-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-006: Maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test \"$user2\" > $TmpDir/pki-tps-user-add-tps-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del \"$user2\" > $TmpDir/pki-tps-user-del-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-tps-user-del-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-007: userid with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ userid=$userid$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+
tps-user-add --fullName=test '$userid' > $TmpDir/pki-tps-user-add-tps-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del '$userid' > $TmpDir/pki-tps-user-del-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-tps-user-del-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show '$userid' > $TmpDir/pki-tps-user-del-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-tps-user-del-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test tps_agent"
+ email="tps_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST
\
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-tps-user-add-tps-008.out" \
+ 0 \
+ "Add user $user1 to TPS -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add $user1 \"$gid\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del $user1 > $TmpDir/pki-tps-user-del-user-008.out" \
+ 0 \
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-tps-user-del-user-008.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-tps-user-add-tps-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ tps-user-del u22 > $TmpDir/pki-tps-user-del-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t tps option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-tps-user-del-user-009.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-010: Should not be able to delete user using a revoked cert TPS_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-tps-user-add-tps-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u23 > $TmpDir/pki-tps-user-show-tps-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-tps-user-show-tps-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tps-user-show-tps-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-tps-user-show-tps-001.out"
+ rlLog "PKI Ticket:
https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-011: Should not be able to delete user using a agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u23 > $TmpDir/pki-tps-user-show-tps-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-tps-user-show-tps-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tps-user-show-tps-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-tps-user-show-tps-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u23 > $TmpDir/pki-tps-user-del-002_2.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-012: Should not be able to delete user using a valid agent TPS_agentV user"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"u24fullname\" u24 >
$TmpDir/pki-tps-user-add-tps-012.out" \
+ 0 \
+ "Add user u24 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 > $TmpDir/pki-tps-user-show-tps-003.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-003.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-003.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-013: Should not be able to delete user using a admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 >
$TmpDir/pki-tps-user-show-tps-004.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-004.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-004.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-014: Should not be able to delete a user using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 > $TmpDir/pki-tps-user-show-tps-005.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-005.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-005.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-015: Should not be able to delete user using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be
able to delete user u24 using a officer cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 > $TmpDir/pki-tps-user-show-tps-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-016: Should not be able to delete user using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 > $TmpDir/pki-tps-user-show-tps-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c
$UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 > $TmpDir/pki-tps-user-show-tps-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT)
cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)?
\"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tps-user-del-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-del-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u24 > $TmpDir/pki-tps-user-show-tps-009.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-tps-009.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-tps-009.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-tps-user-show-tps-009.out"
+
+ #Cleanup:delete user u24
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u24 > $TmpDir/pki-tps-user-del-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-019: delete user name with i18n characters"
+ rlLog "tps-user-add username ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-tps-user-add-tps-001_19.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-tps-user-add-tps-001_19.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-tps-user-add-tps-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n
${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u19 > $TmpDir/pki-tps-user-del-001_19_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÖrjanÄke i18n characters"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-tps-user-del-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u19"
+ errmsg="UserNotFoundException: User u19 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_del-020: delete username with i18n characters"
+ rlLog "tps-user-add username ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-tps-user-add-tps-001_20.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tps-user-add-tps-001_20.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tps-user-add-tps-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u20 > $TmpDir/pki-tps-user-del-001_20_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÉricTêko i18n characters"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-tps-user-del-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u20"
+ errmsg="UserNotFoundException: User u20 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected
error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tps_user_cli_tps_user_del_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-find.sh
new file mode 100755
index 000000000..6f9c3b85e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-find.sh
@@ -0,0 +1,750 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-find to list users in TPS.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-find.sh
+########################################################################
+
+run_pki-tps-user-cli-tps-user-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory
+ rlPhaseStartSetup "pki tps-user-find Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tps_instance_created" = "TRUE" ] ; then
+ user1=tps_agent2
+ user1fullname="Test tps_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_find-startup-addusers: Add users"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-configtest-001: pki tps-user-find --help configuration test"
+ rlRun "pki tps-user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki tps-user-find --help"
+ rlAssertGrep "usage: tps-user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-configtest-002: pki tps-user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki tps-user-find"
+ rlAssertGrep "Error: Certificate database not initialized."
"$TmpDir/user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-003: Find 5 users, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=5 > $TmpDir/pki-tps-user-find-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-user-find-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-004: Find non user, --size=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=0 > $TmpDir/pki-tps-user-find-002.out 2>&1" \
+ 0 \
+ "Found no users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-find-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-005: Find all users, large value as input"
+ large_num=1000000
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$large_num > $TmpDir/pki-tps-user-find-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-tps-user-find-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check > $TmpDir/pki-tps-user-find-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-tps-user-find-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check > $TmpDir/pki-tps-user-find-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tps-user-find-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=-1 > $TmpDir/pki-tps-user-find-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
+ rlAssertGrep "Number of entries returned 0"
"$TmpDir/pki-tps-user-find-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-009: Find users for size input as noninteger, --size=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$size_noninteger > $TmpDir/pki-tps-user-find-005.out 2>&1" \
+ 255 \
+ "No users returned"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-tps-user-find-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-010: Find users, check for no input --size="
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size= > $TmpDir/pki-tps-user-find-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-tps-user-find-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find > $TmpDir/pki-tps-user-find-007_1.out 2>&1" \
+ 0 \
+ "Get all users in TPS"
+ user_entry_10=`cat $TmpDir/pki-tps-user-find-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=10 > $TmpDir/pki-tps-user-find-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat
$TmpDir/pki-tps-user-find-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-user-find-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-012: Find users, --start=10000, large possible input"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=10000 > $TmpDir/pki-tps-user-find-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-find-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=$maximum_check > $TmpDir/pki-tps-user-find-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-find-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=$maximum_check > $TmpDir/pki-tps-user-find-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tps-user-find-008_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=0 > $TmpDir/pki-tps-user-find-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-user-find-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=-1 > $TmpDir/pki-tps-user-find-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-tps-user-find-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-017: Find users for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=$size_noninteger > $TmpDir/pki-tps-user-find-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\""
"$TmpDir/pki-tps-user-find-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start= > $TmpDir/pki-tps-user-find-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-tps-user-find-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find > $TmpDir/pki-tps-user-find-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in TPS"
+ user_entry_12=`cat $TmpDir/pki-tps-user-find-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=12 --size=12 > $TmpDir/pki-tps-user-find-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-tps-user-find-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tps-user-find-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find > $TmpDir/pki-tps-user-find-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in TPS"
+ user_entry_12=`cat $TmpDir/pki-tps-user-find-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=12 --size=0 > $TmpDir/pki-tps-user-find-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-find-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-021: Should not be able to find user using a revoked cert TPS_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-find-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-022: Should not be able to find users using an agent with revoked cert TPS_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-find-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-023: Should not be able to find users using a valid agent TPS_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-find-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException:
Unauthorized" "$TmpDir/pki-tps-user-find-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-025: Should not be able to find users using admin user with expired cert TPS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-find-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tps-user-find-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-026: Should not be able to find users using TPS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+
rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-find-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tps-user-find-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-027: Should not be able to find users using a TPS_officerV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_officerV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_officerV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-officerV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a officer cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-find-officerV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-028: Should not be able to find users using a TPS_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-find-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki
-d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ tps-user-find --start=1 --size=5 > $TmpDir/pki-tps-user-find-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-find-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to
$TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ tps-user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password tps-user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tps-user-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-find-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-031: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "tps-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-tps-user-find-001_31.out
2>&1" \
+ 0 \
+ "Adding fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check > $TmpDir/pki-user-show-tps-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tps-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-tps-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_find-032: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "tps-user-add user fullname ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-tps-001_32.out 2>&1" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-find --size=$maximum_check > $TmpDir/pki-user-show-tps-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-tps-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-tps-001_32_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup-021: Deleting users"
+ #===Deleting users
created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 27 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u$i > $TmpDir/pki-tps-user-del-tps-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-tps-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
+
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-add.sh
new file mode 100755
index 000000000..e85088d97
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-add.sh
@@ -0,0 +1,673 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI user-cli-tps-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-membership-add Add TPS user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-membership-add.sh
+######################################################################################
+
+########################################################################
+run_pki-tps-user-cli-tps-user-membership-add_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_membership-add-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tps_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="Administrators"
+ groupid4="TPS Operators"
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-002: pki tps-user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership > $TmpDir/pki_tps_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki tps-user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_tps_user_membership_cfg.out"
+ rlAssertGrep "tps-user-membership-find Find user memberships" "$TmpDir/pki_tps_user_membership_cfg.out"
+ rlAssertGrep "tps-user-membership-add Add user membership"
"$TmpDir/pki_tps_user_membership_cfg.out"
+ rlAssertGrep "tps-user-membership-del Remove user membership" "$TmpDir/pki_tps_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-003: pki tps-user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-add --help > $TmpDir/pki_tps_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki tps-user-membership-add --help"
+ rlAssertGrep "usage: tps-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tps_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-004: pki tps-user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-add > $TmpDir/pki_tps_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki tps-user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified."
"$TmpDir/pki_tps_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: tps-user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tps_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-005: Add users to available groups using valid admin user TPS_adminV"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-user-membership-add-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-user-membership-add-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-user-membership-add-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-user-membership-add-user-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u$i > $TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval
echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add u$i \"$gid\" > $TmpDir/pki-tps-user-membership-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tps-user-membership-add-groupadd-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find u$i > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-006: Add a user to all available groups using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-user-membership-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-user-membership-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-user-membership-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-user-membership-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show userall > 
$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-userall-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add userall \"$gid\" > $TmpDir/pki-tps-user-membership-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tps-user-membership-add-groupadd-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-user-membership-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-user-membership-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-user-membership-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-user-membership-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show user1 > $TmpDir/pki-tps-user-membership-add-tps-user-show-tps-user1-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add user1 \"Administrators\" > $TmpDir/pki-tps-user-membership-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tps-user-membership-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD tps-user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-user-membership-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD tps-user-membership-add testuser1 \"$dummy_group\""
+ rlLog "Executing: $command"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-009: Should be able to tps-user-membership-add user name with i18n characters"
+ rlLog "tps-user-add user fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='ÖrjanÄke' u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='ÖrjanÄke' u5" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD 
tps-user-membership-add u5 \"Administrators\""
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-tps-user-membership-add-groupadd-009_2.out" \
+ 0 \
+ "Adding user with fullname ÖrjanÄke to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tps-user-membership-add-groupadd-009_2.out"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-tps-user-membership-add-groupadd-009_2.out"
+ rlLog "Check if the user is added to the group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD tps-user-membership-find u5"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-009_3.out" \
+ 0 \
+ "Check user with fullname ÖrjanÄke added to group Administrators"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-009_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-010: Should be able to tps-user-membership-add user to group id with i18n characters"
+ rlLog "tps-user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='Éric Têko' u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='Éric Têko' u6" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > 
$TmpDir/pki-tps-user-membership-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-user-membership-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add u6 \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-user-membership-add-groupadd-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-add-groupadd-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find u6 > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-010_3.out" \ + 0 \ + "Check user ÉricTêko added to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-011: Should not be able to tps-user-membership-add using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminR -c $CERTDB_DIR_PASSWORD tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Should not be able to tps-user-membership-add using a revoked cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-012: Should not be able to tps-user-membership-add using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n ${TPS_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-add using an agent with revoked cert TPS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-013: Should not be able to tps-user-membership-add using admin user with expired cert TPS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminE -c $CERTDB_DIR_PASSWORD tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-add using admin user with expired cert TPS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest 
"pki_tps_user_cli_tps_user_membership-add-014: Should not be able to tps-user-membership-add using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${TPS_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-add using TPS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-015: Should not be able to tps-user-membership-add using TPS_officerV cert" + command="pki -d $CERTDB_DIR -n ${TPS_INST}_officerV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-add using TPS_officerV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-016: Should not be able to tps-user-membership-add using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n ${TPS_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-add using TPS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest 
"pki_tps_user_cli_tps_user_membership-add-017: Should not be able to tps-user-membership-add using TPS_admin_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-add using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + + #Usability tests + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-018: User associated with Administrators group only can create a new user" + local user2="testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-tps-user-membership-add-user-add-user2-018.out" \ + 0 \ + "Adding user $user2" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "$gid" + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding $user2 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user2 \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user2 \"$gid\" > $TmpDir/pki-tps-user-membership-add-groupadd-$user2-00$i.out" \ + 0 \ + "Adding user to all groups except administrators group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tps-user-membership-add-groupadd-$user2-00$i.out" + rlAssertGrep "Group: $gid" 
"$TmpDir/pki-tps-user-membership-add-groupadd-$user2-00$i.out" + fi + let i=$i+1 + done + rlLog "Check users group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find $user2 > $TmpDir/pki-tps-user-membership-find-groupadd-find-tps-$user2-019.out" \ + 0 \ + "Find tps-user-membership to groups of $user2" + rlAssertGrep "3 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-tps-$user2-019.out" + rlAssertGrep "Number of entries returned 3" "$TmpDir/pki-tps-user-membership-find-groupadd-find-tps-$user2-019.out" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlAssertNotGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-tps-$user2-019.out" + rlLog "$user2 is not added to $gid" + else + rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-tps-$user2-019.out" + fi + let i=$i+1 + done + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + local requestdn + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \ + \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $TPS_INST" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve 
Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${TPS_INST}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user $user2" + #Trying to add a user using $user2 should fail since $user2 is not in Administrators group + local expfile="$TmpDir/expfile_$user2.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-tps-user-add-$user2-002.out" 255 "Should not be able to add users using a non Administrator user" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-tps-user-add-$user2-002.out" + + #Add $user2 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user2 \"$groupid3\" > $TmpDir/pki-tps-user-membership-add-groupadd-usertest2-019_2.out" \ + 0 \ + "Adding user $user2 to group \"$groupid3\"" + rlAssertGrep "Added membership in \"$groupid3\"" "$TmpDir/pki-tps-user-membership-add-groupadd-usertest2-019_2.out" + rlAssertGrep "Group: $groupid3" "$TmpDir/pki-tps-user-membership-add-groupadd-usertest2-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TPS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find $user2 > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-usertest1-019_3.out" \ + 0 \ + "Check tps-user-membership to group \"$groupid4\"" + rlAssertGrep "Group: $groupid3" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-usertest1-019_3.out" + + #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n $user2 \ + -c $TEMP_NSS_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test_user u19 > $TmpDir/pki-tps-user-add-019_4.out" \ + 0 \ 
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-tps-user-add-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-tps-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-tps-user-add-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-add-019: Should not be able to add tps-user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) tps-user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add tps-user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tps_user_cli_tps_user_membership-add-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u$i > $TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del userall > $TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n 
${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del user1 > $TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u19 > $TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-tps-user-del-tps-tps-user-membership-add-user-del-tps-u19-001.out"
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 3 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del testuser$i > $TmpDir/pki-tps-user-membership-add-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-tps-user-membership-add-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-tps-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-del.sh
new file mode 100755
index 000000000..ba76b2c4d
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-del.sh
@@ -0,0 +1,776 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli +# Description: PKI tps-user-membership-del TPS CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-membership-add-tps.sh +###################################################################################### + +run_pki-tps-user-cli-tps-user-membership-del_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + + rlPhaseStartSetup "pki_tps_user_cli_tps_user_membership-del-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$tps_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Available groups tps-group-find + groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="Administrators" + groupid4="TPS Operators" + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-002: pki tps-user-membership-del --help configuration test" + rlRun "pki tps-user-membership-del --help > $TmpDir/pki_tps_user_membership_del_cfg.out 2>&1" \ + 0 \ + "pki tps-user-membership-del --help" + rlAssertGrep "usage: tps-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tps_user_membership_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_membership_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-003: pki 
tps-user-membership-del configuration test" + rlRun "pki tps-user-membership-del > $TmpDir/pki_tps_user_membership_del_2_cfg.out 2>&1" \ + 255 \ + "pki tps-user-membership-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tps_user_membership_del_2_cfg.out" + rlAssertGrep "usage: tps-user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_tps_user_membership_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_membership_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-004: Delete tps-user-membership when user is added to different groups" + i=1 + while [ $i -lt 5 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-user-membership-add-tps-user-add-tps-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u$i > $TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out" \ + 0 \ + "Show pki TPS_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out" + 
rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-user-membership-add-tps-user-show-tps-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add u$i \"$gid\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find u$i > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del u$i \"$gid\" > $TmpDir/pki-tps-user-membership-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-tps-user-membership-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-005: Delete tps-user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + 
-h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-user-membership-add-tps-user-add-tps-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add userall \"$gid\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find userall > $TmpDir/pki-tps-user-membership-add-groupadd-find-tps-userall-00$i.out" \ + 0 \ + "Check user membership with group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-add-groupadd-find-tps-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d 
$CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del userall \"$gid\" > $TmpDir/pki-tps-user-membership-del-groupadd-tps-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-tps-user-membership-del-groupadd-tps-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add user1 \"Administrators\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo 
\$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del user1 > $TmpDir/pki-tps-user-membership-del-groupadd-tps-user1-001.out 2>&1" \ + 255 \ + "Cannot delete user from group, Missing required option <Group id>" + rlAssertGrep "usage: tps-user-membership-del <User ID> <Group ID>" "$TmpDir/pki-tps-user-membership-del-groupadd-tps-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-007: Missing required option <User ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tps-user-membership-add-tps-user-add-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add user2 \"Administrators\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del \"\" \"Administrators\" > $TmpDir/pki-tps-user-membership-del-groupadd-tps-user1-001.out 2>&1" \ + 255 \ + "cannot delete user from group, Missing required option <user id>" + rlAssertGrep "ProcessingException: Unable to invoke request" 
"$TmpDir/pki-tps-user-membership-del-groupadd-tps-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-008: Should not be able to tps-user-membership-del using a revoked cert TPS_adminR" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tps-user-membership using a revoked cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-009: Should not be able to tps-user-membership-del using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tps-user-membership using a revoked cert TPS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-010: Should not be able to tps-user-membership-del using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing 
$command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tps-user-membership using a valid agent cert TPS_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-011: Should not be able to tps-user-membership-del using admin user with expired cert TPS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-del using admin user with expired cert TPS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-012: Should not be able to tps-user-membership-del using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-del using TPS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-013: Should not be able to tps-user-membership-del using 
TPS_officerV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-del using TPS_officerV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-014: Should not be able to tps-user-membership-del using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-del using TPS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-015: Should not be able to tps-user-membership-del using TPS_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-user-membership-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-016: Delete tps-user-membership for user fullname with i18n characters" + user6="u6" + rlLog "tps-user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ 
+ -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='Éric Têko' $user6" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='Éric Têko' $user6" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-user-membership-add-groupadd-tps-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user6 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user6 \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-user-membership-del-groupadd-tps-017_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-del-groupadd-tps-017_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-del-groupadd-tps-017_2.out" + rlLog "Delete tps-user-membership from the group" + rlRun "pki -d $CERTDB_DIR \ + -n 
${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del $user6 'dadministʁasjɔ̃' > $TmpDir/pki-tps-user-membership-del-017_3.out" \ + 0 \ + "Delete tps-user-membership from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find $user6 > $TmpDir/pki-tps-user-membership-find-groupadd-find-tps-017_4.out" \ + 0 \ + "Find tps-user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-tps-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-017: Delete tps-user-membership for user fullname with i18n characters" + user7="u7" + rlLog "tps-user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='ÖrjanÄke' $user7 > $TmpDir/pki-tps-user-add-tps-018.out 2>&1" \ + 0 \ + "Adding user full name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-tps-user-add-tps-018.out" + rlAssertGrep "User ID: $user7" "$TmpDir/pki-tps-user-add-tps-018.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user7 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add $user7 \"dadministʁasjɔ̃\" > 
$TmpDir/pki-tps-user-membership-del-groupadd-tps-018_2.out" \ + 0 \ + "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-del-groupadd-tps-018_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-del-groupadd-tps-018_2.out" + rlLog "Delete user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-del $user7 \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-user-membership-del-groupadd-del-018_3.out" \ + 0 \ + "Delete tps-user-membership from the group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-del-groupadd-del-018_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-find $user7 > $TmpDir/pki-tps-user-membership-del-groupadd-del-018_4.out" \ + 0 \ + "Find tps-user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-user-membership-del-groupadd-del-018_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-018: Delete tps-user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tps-user-membership-del-user-del-019.out" \ + 0 \ + "Adding user user123" + 
rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tps-user-membership-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-tps-user-membership-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tps-user-membership-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-del user123 \"Administrators\"" + rlLog "Executing $command" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete tps-user-membership when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-019: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tps-user-membership-del-user-del-020.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tps-user-membership-del-user-del-020.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-user-membership-del-user-del-020.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tps-user-membership-del-user-del-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add u12 \"$groupid3\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-20_2.out" \ + 0 \ + "Adding user u12 to group \"Administrators\"" + rlAssertGrep "Added membership in 
\"$groupid3\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add u12 \"$groupid1\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-20_3.out" \ + 0 \ + "Adding user u12 to group \"$groupid1\"" + rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-20_3.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-group-member-find Administrators > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-group-member-find \"$groupid1\" > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_5.out" \ + 0 \ + "List members of $groupid1 group" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_5.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del u12 > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_6.out" \ + 0 \ + "Delete user u12" + rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-group-member-find $groupid3 > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_7.out" \ + 0 \ + 
"List members of $groupid3 group" + rlAssertNotGrep "User: u12" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_7.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-group-member-find \"$groupid1\" > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_8.out" \ + 0 \ + "List members of $groupid1 group" + rlAssertNotGrep "User: u12" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-20_8.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-del-020: User deleted from Administrators group cannot create a new user" + user5="u5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-user-membership-del-tps-user-add-tps-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-tps-user-membership-add-groupadd-tps-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-21_2.out" + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local requestdn + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \ + \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn 
$caId" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + local expfile="$TmpDir/expfile_testuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) 
tps-user-add --fullName=test_user $user5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-tps-user-add-tps-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-tps-user-add-tps-021_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-tps-user-add-tps-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-tps-user-add-tps-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-tps-user-membership-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-tps-user-membership-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using
non Administrator"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tps_user_cli_tps_user_membership-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u$i > $TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del userall > $TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del user1 > $TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del user2 > $TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-tps-user-del-tps-user-membership-del-user-del-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del user123 > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del testuser1 > $TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-tps-user-del-tps-user-membership-find-tps-user-del-testuser1.out"
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-tps-user-del-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-del-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+# rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-find.sh
new file mode 100755
index 000000000..88d2bb63f
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-find.sh
@@ -0,0 +1,720 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI user-cli-tps-user-membership-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-membership-find Find TPS user memberships.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-membership-find.sh
+######################################################################################
+
+run_pki-tps-user-cli-tps-user-membership-find_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_membership-find-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Local variables
+ #Available groups tps-group-find
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="Administrators"
+ groupid4="TPS Operators"
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-002: pki tps-user-membership-find --help configuration test"
+ rlRun "pki tps-user-membership-find --help > $TmpDir/pki_tps_user_membership_find_cfg.out 2>&1" \
+ 0 \
+ "pki tps-user-membership-find --help"
+ rlAssertGrep "usage: tps-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tps_user_membership_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_membership_find_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_tps_user_membership_find_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_tps_user_membership_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-003: pki tps-user-membership-find configuration test"
+ rlRun "pki tps-user-membership-find > $TmpDir/pki_tps_user_membership_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki tps-user-membership-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tps_user_membership_find_2_cfg.out"
+ rlAssertGrep "usage: tps-user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tps_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_tps_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_tps_user_membership_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-004: Find tps-user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-user-membership-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-user-membership-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-user-membership-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-user-membership-find-user-find-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u$i > $TmpDir/pki-tps-user-membership-find-tps-user-show-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tps-user-membership-find-tps-user-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-user-membership-find-tps-user-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-user-membership-find-tps-user-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add u$i \"$gid\" > $TmpDir/pki-tps-user-membership-find-groupadd-tps-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find u$i > $TmpDir/pki-tps-user-membership-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find tps-user-membership with group \"$gid\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-00$i.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tps-user-membership-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-005: Find tps-user-membership when user is added to
many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-user-membership-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-user-membership-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-user-membership-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-user-membership-find-user-find-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show userall > $TmpDir/pki-tps-user-membership-find-tps-user-show-userall-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tps-user-membership-find-tps-user-show-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-user-membership-find-tps-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-user-membership-find-tps-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add userall \"$gid\" > $TmpDir/pki-tps-user-membership-find-groupadd-tps-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\""
"$TmpDir/pki-tps-user-membership-find-groupadd-tps-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall > $TmpDir/pki-tps-user-membership-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find tps-user-membership to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-userall-00$i.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tps-user-membership-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-006: Find tps-user-membership of a user from the 3rd position (start=2)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=2 > $TmpDir/pki-tps-user-membership-find-groupadd-find-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-001.out"
+ rlAssertGrep "Group: $groupid3" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-001.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-001.out"
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-007: Find all tps-user-memberships of a user (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p
$(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=0 > $TmpDir/pki-tps-user-membership-find-groupadd-find-start-002.out" \
+ 0 \
+ "Checking user-mambership to group "
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-002.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-008: Find tps-user-memberships when page start is negative (start=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=-1 > $TmpDir/pki-tps-user-membership-find-groupadd-find-start-003.out" \
+ 0 \
+ "Checking tps-user-membership to group"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-003.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-003.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-009: Find tps-user-memberships when page start greater than available number of groups (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=5 > $TmpDir/pki-tps-user-membership-find-groupadd-find-start-004.out" \
+ 0 \
+ "Checking tps-user-membership to group"
+ rlAssertGrep "4 entries matched"
"$TmpDir/pki-tps-user-membership-find-groupadd-find-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-membership-find-groupadd-find-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-010: Should not be able to find tps-user-membership when page start is non integer"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD tps-user-membership-find userall --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-011: Find tps-user-memberships when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=0 > $TmpDir/pki-tps-user-membership-find-groupadd-find-size-006.out" 0 \
+ "user_membership-find with size parameter as 0"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-012: Find tps-user-memberships when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=1 > $TmpDir/pki-tps-user-membership-find-groupadd-find-size-007.out" 0 \
+ "user_membership-find with size parameter as 1"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-007.out"
+ rlAssertGrep
"Group: $groupid1" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-013: Find tps-user-memberships when page size is max 4 (size=4)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=4 > $TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out" 0 \
+ "user_membership-find with size paramete is max"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Group: $groupid2" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Group: $groupid3" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out"
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-014: Find tps-user-memberships when page size is 5 (size=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=5 > $TmpDir/pki-tps-user-membership-find-groupadd-find-size-009.out" 0 \
+ "user_membership-find with size parameter as 5"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-009.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-009.out"
+ let i=$i+1
+
done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-015: Find tps-user-memberships when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=100 > $TmpDir/pki-tps-user-membership-find-groupadd-find-size-0010.out" 0 \
+ "user_membership-find with size parameter as 100"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-0010.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-016: Find tps-user-memberships when page size is negative (size=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=-1 > $TmpDir/pki-tps-user-membership-find-groupadd-find-size-0011.out" 0 \
+ "user_membership-find with size parameter as -1"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-0011.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-user-membership-find-groupadd-find-size-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-017: Should not be able to find tps-user-membership when page size is non integer"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST
tps-user-membership-find userall --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-018: Find tps-user-membership with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=2 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=2 --size=5 > $TmpDir/pki-tps-user-membership-find-019.out" \
+ 0 \
+ "Find tps-user-membership with page start and page size option"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-tps-user-membership-find-019.out"
+ i=3
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-tps-user-membership-find-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-tps-user-membership-find-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-019: Find tps-user-membership with --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --size=$maximum_check > $TmpDir/pki-tps-user-membership-find-020.out 2>&1" \
+ 255 \
+ "Find
tps-user-membership with --size more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tps-user-membership-find-020.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-020: Find tps-user-membership with --start more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find userall --start=$maximum_check > $TmpDir/pki-tps-user-membership-find-021.out 2>&1" \
+ 255 \
+ "Find tps-user-membership with --start more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-tps-user-membership-find-021.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-021: Should not be able to tps-user-membership-find using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-022: Should not be
able to tps-user-membership-find using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using an agent with revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-023: Should not be able to tps-user-membership-find using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a valid agent TPS_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-024: Should not be able to tps-user-membership-find using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a expired
admin TPS_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-025: Should not be able to tps-user-membership-find using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a expired agent TPS_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-026: Should not be able to tps-user-membership-find using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a valid officer TPS_officerV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-027: Should not be able to tps-user-membership-find using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+
errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a valid operator TPS_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-028: Should not be able to tps-user-membership-find using TPS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD tps-user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-user-membership using a untrusted role_user_UTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-029:Find tps-user-membership for user fullname with i18n characters"
+ user9="u9"
+ rlLog "tps-user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='Éric Têko' $user9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='Éric Têko' $user9" \
+ 0 \
+ "Adding uid ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-user-membership-add-groupadd-tps-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃
with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-user-membership-add-groupadd-tps-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add $user9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add $user9 \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-user-membership-find-groupadd-tps-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find $user9 > $TmpDir/pki-tps-user-membership-find-groupadd-find-031_3.out" \
+ 0 \
+ "Find tps-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-find-groupadd-find-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-030: Find tps-user-membership for user fullname with i18n characters"
+ user6="u5"
+ rlLog "tps-user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName='ÖrjanÄke' $user6 > $TmpDir/pki-tps-user-add-tps-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-tps-user-add-tps-032.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-tps-user-add-tps-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add $user6 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-add $user6 \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-user-membership-find-groupadd-tps-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-find-groupadd-tps-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-membership-find $user6 > $TmpDir/pki-tps-user-membership-find-groupadd-find-032_3.out" \
+ 0 \
+ "Find tps-user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tps-user-membership-find-groupadd-find-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-tps-user-membership-find-groupadd-find-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_membership-find-031: Find tps-user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo
\$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tps-user-membership-find-user-find-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tps-user-membership-find-user-find-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-tps-user-membership-find-user-find-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tps-user-membership-find-user-find-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST tps-user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-tps-user-membership-find-user-find-033_2.out" 0 "Find tps-user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-user-membership-find-user-find-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_tps_user_cli_tps_user_membership-find-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del u$i > $TmpDir/pki-tps-user-del-user-membership-find-tps-user-del-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-user-membership-find-tps-user-del-00$i.out"
+ let i=$i+1
+ done
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del userall >
$TmpDir/pki-tps-user-del-user-membership-find-tps-user-del-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-tps-user-del-user-membership-find-tps-user-del-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-del user123 > $TmpDir/pki-tps-user-del-user-membership-find-tps-user-del-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-tps-user-del-user-membership-find-tps-user-del-user123.out"
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-tps-user-del-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-user-del-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-mod.sh
new file mode 100755
index 000000000..9f44118d4
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-mod.sh
@@ -0,0 +1,1156 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-user-cli
+# Description: PKI tps-user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-user-cli-tps-user-mod Modify existing users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tps-user-cli-tps-user-mod_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_tps_user_cli_tps_user_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ TPS_HOST=$(eval echo \$${MYROLE})
+ TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ user1=tps_user
+ user1fullname="Test tps user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ user1_mod_fullname="Test tps user modified"
+ user1_mod_email="testtpsuser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-002: Modify a user's fullname in TPS using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tps-tps-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tps-tps-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-tps-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tps-tps-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email,
phone, state, password ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-003: Modify a user's email,phone,state,password in TPS using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-tps-tps-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tps-tps-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-tps-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tps-tps-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-tps-tps-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-tps-tps-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tps-tps-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT
\
+ -t tps \
+ tps-user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-tps-tps-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-tps-tps-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tps-tps-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-tps-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-005:--email with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email=\"$randsym\" u2 > $TmpDir/pki-tps-tps-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-tps-tps-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-tps-tps-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tps-tps-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass
"$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email=# u3 > $TmpDir/pki-tps-tps-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-tps-tps-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tps-tps-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tps-tps-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email=* u4 > $TmpDir/pki-tps-tps-user-mod-007.out" \
+ 0 \
+ "Modified user using
$(eval echo \$${subsystemId}_adminV_user) with --email * character"
+ rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-tps-tps-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tps-tps-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tps-tps-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email=$ u5 > $TmpDir/pki-tps-tps-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-tps-tps-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tps-tps-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-tps-tps-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --email=0 u6 > $TmpDir/pki-tps-tps-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-tps-tps-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tps-tps-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tps-tps-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-tps-tps-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-tps-tps-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tps-tps-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-tps-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-011:--state with
maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=\"$randsym\" u8 > $TmpDir/pki-tps-tps-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-tps-tps-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-tps-tps-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tps-tps-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=# u9 > $TmpDir/pki-tps-tps-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-tps-tps-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-tps-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tps-tps-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=* u10 > $TmpDir/pki-tps-tps-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-tps-tps-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-tps-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tps-tps-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+
tps-user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=$ u11 > $TmpDir/pki-tps-tps-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-tps-tps-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-tps-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tps-tps-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --state=0 u12 > $TmpDir/pki-tps-tps-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-tps-tps-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-tps-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tps-tps-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with
characters and numbers ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-tps-tps-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-tps-tps-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-tps-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-tps-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-017:--phone with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 8193 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=test usr1"
+ special_symbols="#$@*"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --phone='$randsym$special_symbols' usr1"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\"
\"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with maximum length and numbers only #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-018:--phone with maximum length and numbers only " + randhex=$(openssl rand -hex 1024) + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --phone=\"$randsym\" usr1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-tps-tps-user-mod-018.out"\ + 0 \ + "Modify user with maximum length and numbers only" + rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-tps-tps-user-mod-018.out" + rlAssertGrep "User ID: usr1" "$TmpDir/pki-tps-tps-user-mod-018.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-018.out" + rlAssertGrep "Phone: $randsym" "$TmpDir/pki-tps-tps-user-mod-018.out" + rlPhaseEnd + + #### Modify a user's phone with # character #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-019:--phone with \# character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=test usr2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --phone=\"#\" usr2" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with 
character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with * character #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-020:--phone with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=test usr3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --phone=\"*\" usr3" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with $ character #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-021:--phone with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=test usr4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --phone $ usr4" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with negative number #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-022:--phone as negative number -1230 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=test u14" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ 
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-mod --phone=-1230 u14 > $TmpDir/pki-tps-tps-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-tps-tps-user-mod-022.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tps-tps-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-tps-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tps-tps-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-023: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id" + rlPhaseEnd + + #### Modify a user - all options provided #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-024: Modify a user -- all options provided" + email="tps_user2@myemail.com" + user_password="tpsuser2Password" + phone="1234567890" + state="NC" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=test u15" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15 > $TmpDir/pki-tps-tps-user-mod-025.out" \ + 0 \ + "Modify user u15 to TPS -- all options provided" + rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-tps-tps-user-mod-025.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-tps-tps-user-mod-025.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-025.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tps-tps-user-mod-025.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-tps-user-mod-025.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tps-tps-user-mod-025.out" + rlPhaseEnd + + #### Modify a user - password less than 8 characters #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-025: Modify user with --password " + userpw="pass" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) 
-c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod $user1 --fullName='$user1fullname' --password=$userpw" + errmsg="PKIException: The password must be at least 8 characters" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password" + rlPhaseEnd + +##### Tests to modify users using revoked cert##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-026: Should not be able to modify user using a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1_mod_fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using an agent user##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-028: Should not be able to modify user using a valid agent user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-029: Should not be able to modify user using an agent user with a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: 
Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using expired cert##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-030: Should not be able to modify user using an admin user with expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-031: Should not be able to modify user using an agent user with an expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + 
rlPhaseEnd + + ##### Tests to modify users using officer users##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-032: Should not be able to modify user using an officer user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an officer cert" + rlPhaseEnd + + ##### Tests to modify users using operator user### + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-033: Should not be able to modify user using an operator user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as TPS_operatorV" + rlPhaseEnd + +##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted TPS users##### + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-034: Should not be able to modify user using a cert created from a untrusted TPS role_user_UTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-035: Modify a user -- User ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c 
$CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName='$user1fullname' u17" + errmsg="ResourceNotFoundException: No such object." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user" + rlPhaseEnd + + #### Modify a user - fullName option is empty #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-036: Modify a user in TPS using an admin user - fullname is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --fullName=\"\" u16" + errmsg="BadRequestException: Invalid DN syntax." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + #### Modify a user - email is empty #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-037: Modify a user in TPS using TPS admin user - email is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-show u16 > $TmpDir/pki-tps-tps-user-mod-038_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-tps-user-mod-038_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-tps-user-mod-038_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-038_1.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tps-tps-user-mod-038_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-tps-user-mod-038_1.out" + rlAssertGrep "State: $state" 
"$TmpDir/pki-tps-tps-user-mod-038_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --email=\"\" u16" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --email=\"\" u16 > $TmpDir/pki-tps-tps-user-mod-038_2.out" \ + 0 \ + "Modifying $user1 with empty email" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tps-tps-user-mod-038_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-tps-user-mod-038_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-038_2.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-tps-user-mod-038_2.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tps-tps-user-mod-038_2.out" + rlPhaseEnd + + #### Modify a user - phone is empty #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-038: Modify a user in TPS using TPS_adminV - phone is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-show u16 > $TmpDir/pki-tps-tps-user-mod-039_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-tps-user-mod-039_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-tps-user-mod-039_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-039_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-tps-user-mod-039_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tps-tps-user-mod-039_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --phone=\"\" u16" + rlRun "$command" 0 "Successfully updated phone to empty value" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlPhaseEnd + + #### Modify a user - state option is empty #### + + 
rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-039: Modify a user in TPS using an admin user in TPS - state is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-show u16 > $TmpDir/pki-tps-tps-user-mod-040_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-tps-user-mod-040_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-tps-user-mod-040_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-040_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tps-tps-user-mod-040_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --state=\"\" u16" + rlRun "$command" 0 "Successfully updated phone to empty value" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlPhaseEnd + + +##### Tests to modify TPS users with the same value #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-040: Modify a user in TPS using an admin user - fullname same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-show $user1 > $TmpDir/pki-tps-tps-user-mod-041_1.out" + rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tps-tps-user-mod-041_1.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-tps-user-mod-041_1.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tps-tps-user-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --fullName=\"$user1_mod_fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --fullName=\"$user1_mod_fullname\" $user1 
> $TmpDir/pki-tps-tps-user-mod-041_2.out" \ + 0 \ + "Modifying $user1 with same old fullname" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tps-tps-user-mod-041_2.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-tps-user-mod-041_2.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tps-tps-user-mod-041_2.out" + rlPhaseEnd + +##### Tests to modify CA users adding values to params which were previously empty #### + + rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-041: Modify a user in TPS using an admin user - adding values to params which were previously empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-show u16 > $TmpDir/pki-tps-tps-user-mod-042_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-tps-user-mod-042_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-tps-user-mod-042_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-042_1.out" + rlAssertNotGrep "Email:" "$TmpDir/pki-tps-tps-user-mod-042_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --email=\"$email\" u16" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --email=\"$email\" u16 > $TmpDir/pki-tps-tps-user-mod-042_2.out" \ + 0 \ + "Modifying u16 with new value for phone which was previously empty" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tps-tps-user-mod-042_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-tps-user-mod-042_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-tps-user-mod-042_2.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tps-tps-user-mod-042_2.out" + rlPhaseEnd + +##### Tests to modify TPS users having i18n chars in the 
fullname #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-042: Modify a user's fullname having i18n chars in TPS using an admin user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-add --fullName=\"$i18nuserfullname\" $i18nuser" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-tps-tps-user-mod-043.out" \ + 0 \ + "Modified $i18nuser fullname" + rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-tps-tps-user-mod-043.out" + rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-tps-tps-user-mod-043.out" + rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-tps-tps-user-mod-043.out" + rlPhaseEnd + +##### Tests to modify TPS users having i18n chars in email #### + +rlPhaseStartTest "pki_tps_user_cli_tps_user_mod-043: Modify a user's email having i18n chars in TPS using an admin user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps tps-user-mod --email=$i18nuser_mod_email $i18nuser" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail" + rlLog "FAIL:https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_tps_user_cli_user_tps_cleanup: Deleting role users" + i=1 + while [ $i -lt 17 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-00$i.out" + let i=$i+1 + done + + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del usr$i > $TmpDir/pki-usr-del-tps-usr-00$i.out" \ + 0 \ + "Deleted user usr$i" + rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-tps-usr-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del $i18nuser > $TmpDir/pki-user-del-tps-i18nuser-001.out" \ + 0 \ + "Deleted user $i18nuser" + rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-tps-i18nuser-001.out" +$i18nuser + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd + else + rlLog "TPS instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-show.sh new file mode 100755 index 000000000..b3fd50f79 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-show.sh 
@@ -0,0 +1,1123 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-user-cli +# Description: PKI tps-user-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tps-user-cli-tps-user-show Show TPS users +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-show.sh +###################################################################################### + +######################################################################## +run_pki-tps-user-cli-tps-user-show_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + + rlPhaseStartSetup "pki_tps_user_cli_tps_user_show-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$tps_instance_created" = "TRUE" ] ; then + #local variables + user1=tps_agent2 + user1fullname="Test tps_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + rlPhaseStartTest "pki_tps_user_show-configtest: pki tps-user-show configuration test" + rlRun "pki tps-user-show --help > $TmpDir/pki_tps_user_show_cfg.out 2>&1" \ + 0 \ + "pki tps-user-show" + rlAssertGrep "usage: tps-user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_tps_user_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_user_show_cfg.out" + rlAssertNotGrep "Error: Certificate database not initialized." 
"$TmpDir/pki_tps_user_show_cfg.out" + rlPhaseEnd + + ##### Tests to show TPS users #### + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-001: Add user to TPS using TPS_adminV and show user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=\"$user1fullname\" $user1" \ + 0 \ + "Add user $user1 using ${prefix}_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show $user1 > $TmpDir/pki-tps-user-show-001.out" \ + 0 \ + "Show user $user1" + rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tps-user-show-001.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-user-show-001.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-002: maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test $user2" \ + 0 \ + "Add user $user2 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show $user2 > $TmpDir/pki-tps-user-show-001_1.out" \ + 0 \ + "Show $user2 user" + rlAssertGrep "User \"$user2\"" "$TmpDir/pki-tps-user-show-001_1.out" + actual_userid_string=`cat $TmpDir/pki-tps-user-show-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: 
$user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi + rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-003: User id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test $user3" \ + 0 \ + "Add user $user3 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show $user3 > $TmpDir/pki-tps-user-show-001_2.out" \ + 0 \ + "Show $user3 user" + rlAssertGrep "User \"$user3\"" "$TmpDir/pki-tps-user-show-001_2.out" + rlAssertGrep "User ID: $user3" "$TmpDir/pki-tps-user-show-001_2.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-004: User id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName=test $user4" \ + 0 \ + "Add user $user4 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show $user4 > $TmpDir/pki-tps-user-show-001_3.out" \ + 0 \ + "Show $user4 user" + rlAssertGrep "User \"$user4\"" "$TmpDir/pki-tps-user-show-001_3.out" + rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-tps-user-show-001_3.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-005: User id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c 
$CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show $user5 > $TmpDir/pki-tps-user-show-001_4.out" \
+ 0 \
+ "Show $user5 user"
+ rlAssertGrep "User \"$user5\"" "$TmpDir/pki-tps-user-show-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-tps-user-show-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show $user6 > $TmpDir/pki-tps-user-show-001_5.out" \
+ 0 \
+ "Show $user6 user"
+ rlAssertGrep "User \"$user6\"" "$TmpDir/pki-tps-user-show-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-tps-user-show-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show $user7 > $TmpDir/pki-tps-user-show-001_6.out" \
+ 0 \
+
"Show user $user7"
+ rlAssertGrep "User \"$user7\"" "$TmpDir/pki-tps-user-show-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-tps-user-show-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u1 > $TmpDir/pki-tps-user-show-001_7.out" \
+ 0 \
+ "Show user u1"
+ rlAssertGrep "User \"u1\"" "$TmpDir/pki-tps-user-show-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tps-user-show-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-tps-user-show-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and
character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u2 > $TmpDir/pki-tps-user-show-001_8.out" \
+ 0 \
+ "Show user u2"
+ rlAssertGrep "User \"u2\"" "$TmpDir/pki-tps-user-show-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tps-user-show-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-tps-user-show-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u3 > $TmpDir/pki-tps-user-show-001_9.out" \
+ 0 \
+ "Add user u3"
+ rlAssertGrep "User \"u3\"" "$TmpDir/pki-tps-user-show-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tps-user-show-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tps-user-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV
\
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u4 > $TmpDir/pki-tps-user-show-001_10.out" \
+ 0 \
+ "Show user u4 using ${prefix}_adminV"
+ rlAssertGrep "User \"u4\"" "$TmpDir/pki-tps-user-show-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tps-user-show-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tps-user-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u5 > $TmpDir/pki-tps-user-show-001_11.out" \
+ 0 \
+ "Show user u5 using ${prefix}_adminV"
+ rlAssertGrep "User \"u5\"" "$TmpDir/pki-tps-user-show-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tps-user-show-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-tps-user-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u6 > $TmpDir/pki-tps-user-show-001_12.out" \
+ 0 \
+ "Show user u6 using ${prefix}_adminV"
+ rlAssertGrep "User
\"u6\"" "$TmpDir/pki-tps-user-show-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tps-user-show-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tps-user-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u7 > $TmpDir/pki-tps-user-show-001_13.out" \
+ 0 \
+ "Show user u7 using ${prefix}_adminV"
+ rlAssertGrep "User \"u7\"" "$TmpDir/pki-tps-user-show-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tps-user-show-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-tps-user-show-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tps-user-show-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tps-user-show-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u8 > $TmpDir/pki-tps-user-show-001_14.out" \
+ 0 \
+ "Show user u8 using ${prefix}_adminV"
+ rlAssertGrep "User \"u8\"" "$TmpDir/pki-tps-user-show-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tps-user-show-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-tps-user-show-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-tps-user-show-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-tps-user-show-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u9 > $TmpDir/pki-tps-user-show-001_15.out" \
+ 0 \
+ "Show user u9 using ${prefix}_adminV"
+ rlAssertGrep "User \"u9\"" "$TmpDir/pki-tps-user-show-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-user-show-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tps-user-show-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u10 > $TmpDir/pki-tps-user-show-001_16.out" \
+ 0 \
+ "Show user u10 using ${prefix}_adminV"
+ rlAssertGrep "User \"u10\"" "$TmpDir/pki-tps-user-show-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-user-show-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tps-user-show-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u11 > $TmpDir/pki-tps-user-show-001_17.out" \
+ 0 \
+ "Show user u11 using ${prefix}_adminV"
+ rlAssertGrep "User \"u11\"" "$TmpDir/pki-tps-user-show-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-user-show-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tps-user-show-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u12 > $TmpDir/pki-tps-user-show-001_18.out" \
+ 0 \
+ "Show pki ${prefix}_adminV user"
+ rlAssertGrep "User \"u12\"" "$TmpDir/pki-tps-user-show-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-user-show-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tps-user-show-001_18.out"
+ rlPhaseEnd
+
+ #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u13 > $TmpDir/pki-tps-user-show-001_19.out" \
+ 0 \
+ "Show user u13 using ${prefix}_adminV"
+ rlAssertGrep "User \"u13\"" "$TmpDir/pki-tps-user-show-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-user-show-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-show-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u14 > $TmpDir/pki-tps-user-show-001_24.out" \
+ 0 \
+ "Show user u14 using ${prefix}_adminV"
+ rlAssertGrep "User \"u14\"" "$TmpDir/pki-tps-user-show-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tps-user-show-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tps-user-show-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u15 > $TmpDir/pki-tps-user-show-001_25.out" \
+ 0 \
+ "Show user u15 using ${prefix}_adminV"
+ rlAssertGrep "User \"u15\"" "$TmpDir/pki-tps-user-show-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-tps-user-show-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-tps-user-show-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Certificate Manager Agents\" u16"
\
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u16 > $TmpDir/pki-tps-user-show-001_26.out" \
+ 0 \
+ "Show user u16 using ${prefix}_adminV"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-user-show-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-show-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-tps-user-show-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u17 > $TmpDir/pki-tps-user-show-001_27.out" \
+ 0 \
+ "Show user u17 using ${prefix}_adminV"
+ rlAssertGrep "User \"u17\"" "$TmpDir/pki-tps-user-show-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-tps-user-show-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-tps-user-show-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV
with --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u18 > $TmpDir/pki-tps-user-show-001_28.out" \
+ 0 \
+ "Show user u18 using ${prefix}_adminV"
+ rlAssertGrep "User \"u18\"" "$TmpDir/pki-tps-user-show-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-tps-user-show-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-tps-user-show-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u19 > $TmpDir/pki-tps-user-show-001_29.out" \
+ 0 \
+ "Show user u19 using ${prefix}_adminV"
+ rlAssertGrep "User \"u19\"" "$TmpDir/pki-tps-user-show-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-tps-user-show-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-tps-user-show-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR
\
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u20 > $TmpDir/pki-tps-user-show-001_30.out" \
+ 0 \
+ "Show user u20 using ${prefix}_adminV"
+ rlAssertGrep "User \"u20\"" "$TmpDir/pki-tps-user-show-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tps-user-show-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-tps-user-show-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u21 > $TmpDir/pki-tps-user-show-001_31.out" \
+ 0 \
+ "Show user u21 using ${prefix}_adminV"
+ rlAssertGrep "User \"u21\"" "$TmpDir/pki-tps-user-show-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-tps-user-show-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-show-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-tps-user-show-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-029: Show user with -t tps option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+
tps-user-show u22 > $TmpDir/pki-tps-user-show-001_32.out" \
+ 0 \
+ "Show user u22 using ${prefix}_adminV"
+ rlAssertGrep "User \"u22\"" "$TmpDir/pki-tps-user-show-001_32.out"
+ rlAssertGrep "User ID: u22" "$TmpDir/pki-tps-user-show-001_32.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-show-001_32.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-030: Add a user -- all options provided"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23" \
+ 0 \
+ "Adding user u23 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u23 > $TmpDir/pki-tps-user-show-001_33.out" \
+ 0 \
+ "Show user u23 using ${prefix}_adminV"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-show-001_33.out"
+ rlPhaseEnd
+
+ #Negative Cases
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-031: Missing required option user id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show"
+ rlLog "Executing $command"
+
errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-032: Checking if user id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show U23 > $TmpDir/pki-tps-user-show-001_35.out 2>&1" \
+ 0 \
+ "User ID is not case sensitive"
+ rlAssertGrep "User \"U23\"" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-show-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-033: Should not be able to show user using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-034: Should not be able to show user using a agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c
$CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-035: Should not be able to show user using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-036: Should not be able to show user using a TPS_agentR user"
+ rlLog "To test error message consistency for the request pki_tps_user_cli_tps_user_show-034"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-037: Should not be able to show user using admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date
--set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-038: Should not be able to show user using TPS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-039: Should not be able to show user using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a officer cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+
rlPhaseStartTest "pki_tps_user_cli_tps_user_show-040: Should not be able to show user using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) tps-user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ tps-user-show u23 > $TmpDir/pki-tps-user-show-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-show-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_user_cli_tps_user_show-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d
$CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u13" + echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password tps-user-show u13" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? 
\"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-tps-user-show-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-user-show-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-043: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show \"$user_length_exceed_max\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show \"$user_length_exceed_max\" > $TmpDir/pki-tps-user-show-001_50.out 2>&1" \ + 255 \ + "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-tps-user-show-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-044: user name with i18n characters" + rlLog "tps-user-add user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-tps-user-show-001_56.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u24 > $TmpDir/pki-tps-user-show-001_56_2.out" \ + 0 \ + "Show user name with 'ÖrjanÄke'" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-tps-user-show-001_56_2.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-tps-user-show-001_56_2.out" + rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-tps-user-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_user_cli_tps_user_show-045: user name with i18n characters" + rlLog "tps-user-add userid ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-tps-user-show-001_57.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-show u25 > $TmpDir/pki-tps-user-show-001_57_2.out" \ + 0 \ + "Show user name with 'ÉricTêko'" + rlAssertGrep "User \"u25\"" "$TmpDir/pki-tps-user-show-001_57_2.out" + rlAssertGrep "User ID: u25" "$TmpDir/pki-tps-user-show-001_57_2.out" + rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-tps-user-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup-046: Deleting the temp directory and users" + del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_officerV_user ${prefix}_operatorV_user) + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 26 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del u$i > $TmpDir/pki-tps-user-del-tps-user-00$i.out" \ + 0 \ + 
"Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-tps-user-del-tps-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + tps-user-del $usr > $TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-tps-user-del-tps-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TPS instance is not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh index fd63113de..36252bb1f 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh @@ -1198,7 +1198,7 @@ run_pki-user-cli-user-add-kra_tests(){ rlPhaseStartTest "pki_user_cli_user_add-KRA-058: email address with i18n characters" rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t kra user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" rlLog "Executing $command" errmsg="ProcessingException: Unable to invoke request" errorcode=255 
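Review bot: The `command=` string in the `@@ -1198,7` hunk of pki-user-cli-user-add-kra.sh carries `-c $CERTDB_DIR_PASSWORD`, and the following context line `rlLog "Executing $command"` writes the whole string to the test journal, so the NSS database password is stored with every archived run. Logging a redacted copy keeps the journal useful: `safe_cmd=${command/"$CERTDB_DIR_PASSWORD"/REDACTED}` followed by `rlLog "Executing $safe_cmd"`. The same `command=` / `rlLog` pair appears in the kra, ocsp, tks and tps user-add and user-show hunks of this commit. Separately, `$(eval echo \$${subsystemId}_UNSECURE_PORT)` runs `eval` on what is presumably a function argument; bash indirect expansion (`port_var=${subsystemId}_UNSECURE_PORT`, then `-p ${!port_var}`) gives the same value without it. The enclosing function starts and ends outside the hunk.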
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh index 19c10134a..15e1ba4ff 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh @@ -967,7 +967,7 @@ run_pki-user-cli-user-show-kra_tests(){ rlPhaseStartTest "pki_user_cli_user_show-KRA-036: Should not be able to show user using a KRA_agentR user" rlLog "To test error message consistency for the request pki_user_cli_user_show-KRA-034" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t kra user-show u23" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh index e804274b1..e7f0b1165 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh 
@@ -1200,7 +1200,7 @@ run_pki-user-cli-user-add-ocsp_tests(){ rlPhaseStartTest "pki_user_cli_user_add-OCSP-058: email address with i18n characters" rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t ocsp user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" rlLog "Executing $command" errmsg="ProcessingException: Unable to invoke request" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh index 560e9c96b..75e8226e4 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh @@ -968,7 +968,7 @@ run_pki-user-cli-user-show-ocsp_tests(){ rlPhaseStartTest "pki_user_cli_user_show-OCSP-036: Should not be able to show user using a OCSP_agentR user" rlLog "To test error message consistency for the request pki_user_cli_user_show-OCSP-034" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t ocsp user-show u23" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh index c925eebb8..090149191 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh @@ -1195,7 +1195,7 @@ run_pki-user-cli-user-add-tks_tests(){ rlPhaseStartTest "pki_user_cli_user_add-TKS-058: email address with i18n characters" rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tks user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" rlLog "Executing $command" errmsg="ProcessingException: Unable to invoke request" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh index 0db5663dd..16233192a 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh 
@@ -964,7 +964,7 @@ run_pki-user-cli-user-show-tks_tests(){ rlPhaseStartTest "pki_user_cli_user_show-TKS-036: Should not be able to show user using a TKS_agentR user" rlLog "To test error message consistency for the request pki_user_cli_user_show-TKS-034" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tks user-show u23" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh index e1fba8902..0447d6cf8 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh @@ -1198,7 +1198,7 @@ run_pki-user-cli-user-add-tps_tests(){ rlPhaseStartTest "pki_user_cli_user_add-TPS-058: email address with i18n characters" rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters" - command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tps user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" rlLog "Executing $command" errmsg="ProcessingException: Unable to invoke request" errorcode=255 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh index 9d76a7636..d91605c85 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh @@ -586,7 +586,7 @@ Import CA certificate (Y/n)? \"" >> $expfile user-membership-add $user2 \"$groupid3\" > $TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out" \ 0 \ "Adding user $user2 to group \"$groupid3\"" - rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out" + rlAssertGrep "Added membership in \"$groupid3\"" "$TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out" rlAssertGrep "Group: $groupid3" "$TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out" rlLog "Check if the user is added to the group" rlRun "pki -d $CERTDB_DIR \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh index 62209e36d..763fd48e3 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh @@ -422,7 +422,7 @@ run_pki-user-cli-user-membership-find-tps_tests(){ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t tps \ - user-membership-find userall --start=6 --size=5" + user-membership-find userall --start=2 --size=5" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ 
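Review bot: In the `@@ -422,7` hunk of pki-user-cli-user-membership-find-tps.sh the `rlLog` text and the `rlRun` command are two hand-written copies of the same `pki` invocation, which is how the logged `--start=6` came to differ from the executed `--start=2`. Building the invocation once and reusing it keeps the two in step: assign it to a variable, log it with `rlLog "Executing: $cmd"`, and run it with `rlRun "$cmd > $TmpDir/pki-user-membership-find-tps-019.out" 0 "..."`. The `rlRun` call continues past the end of the hunk.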
@@ -432,7 +432,7 @@ run_pki-user-cli-user-membership-find-tps_tests(){ user-membership-find userall --start=2 --size=5 > $TmpDir/pki-user-membership-find-tps-019.out" \ 0 \ "Find user-membership with page start and page size option" - rlAssertGrep "2 entries matched" "$TmpDir/pki-user-membership-find-tps-019.out" + rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-tps-019.out" i=3 while [ $i -lt 5 ] ; do eval gid=\$groupid$i @@ -630,7 +630,7 @@ run_pki-user-cli-user-membership-find-tps_tests(){ rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-030: Find user-membership for user fullname with i18n characters" - user6="u6" + user6="u5" rlLog "user-add user fullname ÖrjanÄke with i18n characters" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ @@ -705,7 +705,7 @@ run_pki-user-cli-user-membership-find-tps_tests(){ #===Deleting users created using TPS_adminV cert===# i=1 - while [ $i -lt 7 ] ; do + while [ $i -lt 6 ] ; do rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh index 99f3582c2..08710125d 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh 
@@ -966,7 +966,7 @@ run_pki-user-cli-user-show-tps_tests(){ rlPhaseStartTest "pki_user_cli_user_show-TPS-036: Should not be able to show user using a TPS_agentR user" rlLog "To test error message consistency for the request pki_user_cli_user_show-TPS-034" - command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tps user-show u23" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23" rlLog "Executing $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 diff --git a/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh b/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh index f3eac02b6..a5c1ac103 100644 --- a/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh +++ b/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh @@ -67,7 +67,7 @@ run_pki-legacy-ca-scep_tests() local search_string="ca.scep.enable=false" local replace_string="ca.scep.enable=true" - local scep_location="ftp://wiki.idm.lab.bos.redhat.com/dirsec/images-mp1/packages/scep_software/sscep/rhel7-x86_64_modified" + local scep_location="ftp://wiki.idmqe.lab.eng.bos.redhat.com/dirsec/images-mp1/packages/scep_software/sscep/rhel7-x86_64_modified" local scep_enroll_pin="netscape" local scep_password="netscape" local scep_host_ip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') @@ -242,7 +242,7 @@ ca_file_loc_EOF rlLog "BZ1199692 - https://bugzilla.redhat.com/show_bug.cgi?id=1199692" rlPhaseEnd - rlPhaseStartTest "pki_ca_scep_tests_cleanup: delete temporary directory and turn off sscep " + rlPhaseStartCleanup "pki_ca_scep_tests_cleanup: delete temporary directory and turn off sscep " #Delete temporary directory rlRun "popd" rlRun "rm -r $TmpDir" 0 "Removing tmp directory" 
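Review bot: The new `scep_location` value in the `@@ -67,7` hunk of scep-enroll.sh still points at a plain `ftp://` URL, so whatever the test fetches from it arrives with no transport integrity or server authentication. If, as the path suggests, this is the sscep client that the test later runs, the download should be checked against a pinned digest before use, for example `echo "<expected-sha256>  $sscep_file" | sha256sum -c -` (the variable name and digest here are placeholders), or be served over HTTPS. The download and execution code is outside the hunk, so this needs confirming against the rest of the function.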
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index f1caebef9..06f5c77d8 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -249,12 +249,58 @@
 . ./acceptance/cli-tests/pki-kra-key-cli/pki-kra-key-cli-recover-kra.sh
 . ./acceptance/cli-tests/pki-kra-key-cli/pki-kra-key-cli-retrieve-kra.sh
 . ./acceptance/cli-tests/pki-kra-key-cli/pki-kra-key-cli-request-review-kra.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-add.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-show.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-find.sh
 . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-del.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-add.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-find.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-membership-del.sh
 . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh
 . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh
 . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh
 . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh
 . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-add.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-find.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-show.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-mod.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-del.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-add.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-find.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-membership-del.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-add.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-find.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-show.sh
+. ./acceptance/cli-tests/pki-ocsp-user-cli/pki-ocsp-user-cli-ocsp-user-cert-delete.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-add.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-find.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-show.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-mod.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-del.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-add.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-find.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-membership-del.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-add.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-find.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-show.sh
+. ./acceptance/cli-tests/pki-tks-user-cli/pki-tks-user-cli-tks-user-cert-delete.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-add.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-find.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-show.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-mod.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-del.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-add.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-find.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-membership-del.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-add.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-find.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-show.sh
+. ./acceptance/cli-tests/pki-tps-user-cli/pki-tps-user-cli-tps-user-cert-delete.sh
 . ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-add.sh
 . ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-mod.sh
 . ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-find.sh
@@ -1973,20 +2019,83 @@ rlJournalStart subsystemId=$KRA_INST subsystemType=kra caId=$CA_INST + run_pki-kra-user-cli-kra-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-kra-user-cli-kra-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-kra-user-cli-kra-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER run_pki-kra-user-cli-kra-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-kra-user-cli-kra-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-kra-user-cli-kra-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-kra-user-cli-kra-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-kra-user-cli-kra-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER run_pki-kra-user-cli-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER run_pki-kra-user-cli-kra-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER run_pki-kra-user-cli-kra-user-cert-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER run_pki-kra-user-cli-kra-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER fi + KRA_USER_ADD_UPPERCASE=$(echo $KRA_USER_ADD | tr [a-z] [A-Z]) + if [ "$KRA_USER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki kra-user-add tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + KRA_USER_SHOW_UPPERCASE=$(echo $KRA_USER_SHOW | tr [a-z] [A-Z]) + if [ "$KRA_USER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki kra-user-show tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + KRA_USER_FIND_UPPERCASE=$(echo $KRA_USER_FIND | tr 
[a-z] [A-Z]) + if [ "$KRA_USER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki kra-user-find tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi KRA_USER_MOD_UPPERCASE=$(echo $KRA_USER_MOD | tr [a-z] [A-Z]) if [ "$KRA_USER_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki kra-user-mod tests subsystemId=$KRA_INST - subsystemType=kra + subsystemType=kra caId=$CA_INST run_pki-kra-user-cli-kra-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER fi + KRA_USER_DEL_UPPERCASE=$(echo $KRA_USER_DEL | tr [a-z] [A-Z]) + if [ "$KRA_USER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki kra-user-del tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + KRA_USER_MEMBERSHIP_ADD_UPPERCASE=$(echo $KRA_USER_MEMBERSHIP_ADD | tr [a-z] [A-Z]) + if [ "$KRA_USER_MEMBERSHIP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki kra-user-membership-add tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + KRA_USER_MEMBERSHIP_FIND_UPPERCASE=$(echo $KRA_USER_MEMBERSHIP_FIND | tr [a-z] [A-Z]) + if [ "$KRA_USER_MEMBERSHIP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki kra-user-membership-find tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + KRA_USER_MEMBERSHIP_DEL_UPPERCASE=$(echo $KRA_USER_MEMBERSHIP_DEL | tr [a-z] [A-Z]) + if [ "$KRA_USER_MEMBERSHIP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki 
kra-user-membership-del tests + subsystemId=$KRA_INST + subsystemType=kra + caId=$CA_INST + run_pki-kra-user-cli-kra-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi KRA_USER_CERT_ADD_UPPERCASE=$(echo $KRA_USER_CERT_ADD | tr [a-z] [A-Z]) if [ "$KRA_USER_CERT_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-user-cert-add tests 
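Review bot: The added `$(echo $KRA_USER_ADD | tr [a-z] [A-Z])` assignments in the `@@ -1973,20` hunk of runtest.sh leave both the variable and the bracket sets unquoted, so the shell can glob `[a-z]` against a single-letter file name in the working directory before `tr` sees it, and the later comparison with `TRUE` then fails without any message. Quoting removes the hazard: `KRA_USER_ADD_UPPERCASE=$(printf '%s' "$KRA_USER_ADD" | tr '[:lower:]' '[:upper:]')`. The seven added per-command blocks differ only in the switch variable and the `run_..._tests` function they call, so a small helper taking those two names would replace the repeated six-line pattern; the OCSP blocks in the next hunk follow the same shape.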
@@ -2021,6 +2130,363 @@ rlJournalStart run_pki-kra-user-cli-kra-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER fi + ######## PKI OCSP_USER TESTS ############ + PKI_OCSP_USER_UPPERCASE=$(echo $PKI_OCSP_USER | tr [a-z] [A-Z]) + if [ "$PKI_OCSP_USER_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-cert $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-cert-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_ADD_UPPERCASE=$(echo $OCSP_USER_ADD | tr [a-z] [A-Z]) + if [ "$OCSP_USER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-add tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-add_tests $subsystemId 
$subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_SHOW_UPPERCASE=$(echo $OCSP_USER_SHOW | tr [a-z] [A-Z]) + if [ "$OCSP_USER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-show tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_FIND_UPPERCASE=$(echo $OCSP_USER_FIND | tr [a-z] [A-Z]) + if [ "$OCSP_USER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-find tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_MOD_UPPERCASE=$(echo $OCSP_USER_MOD | tr [a-z] [A-Z]) + if [ "$OCSP_USER_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-mod tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_DEL_UPPERCASE=$(echo $OCSP_USER_DEL | tr [a-z] [A-Z]) + if [ "$OCSP_USER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-del tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_MEMBERSHIP_ADD_UPPERCASE=$(echo $OCSP_USER_MEMBERSHIP_ADD | tr [a-z] [A-Z]) + if [ "$OCSP_USER_MEMBERSHIP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-membership-add tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_MEMBERSHIP_FIND_UPPERCASE=$(echo $OCSP_USER_MEMBERSHIP_FIND | tr [a-z] [A-Z]) + if [ 
"$OCSP_USER_MEMBERSHIP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-membership-find tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_MEMBERSHIP_DEL_UPPERCASE=$(echo $OCSP_USER_MEMBERSHIP_DEL | tr [a-z] [A-Z]) + if [ "$OCSP_USER_MEMBERSHIP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-membership-del tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_CERT_ADD_UPPERCASE=$(echo $OCSP_USER_CERT_ADD | tr [a-z] [A-Z]) + if [ "$OCSP_USER_CERT_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ca-user-cert-add tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-cert $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-user-cli-ocsp-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_CERT_FIND_UPPERCASE=$(echo $OCSP_USER_CERT_FIND | tr [a-z] [A-Z]) + if [ "$OCSP_USER_CERT_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-cert-find tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_CERT_SHOW_UPPERCASE=$(echo $OCSP_USER_CERT_SHOW | tr [a-z] [A-Z]) + if [ "$OCSP_USER_CERT_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-cert-show tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-cert-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_USER_CERT_DEL_UPPERCASE=$(echo 
$OCSP_USER_CERT_DEL | tr [a-z] [A-Z]) + if [ "$OCSP_USER_CERT_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-user-cert-del tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-user-cli-ocsp-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + + ######## PKI TKS_USER TESTS ############ + PKI_TKS_USER_UPPERCASE=$(echo $PKI_TKS_USER | tr [a-z] [A-Z]) + if [ "$PKI_TKS_USER_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-cert $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-cert-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_ADD_UPPERCASE=$(echo $TKS_USER_ADD | tr [a-z] [A-Z]) + if [ "$TKS_USER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; 
then + # Execute pki tks-user-add tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_SHOW_UPPERCASE=$(echo $TKS_USER_SHOW | tr [a-z] [A-Z]) + if [ "$TKS_USER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-show tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_FIND_UPPERCASE=$(echo $TKS_USER_FIND | tr [a-z] [A-Z]) + if [ "$TKS_USER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-find tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_MOD_UPPERCASE=$(echo $TKS_USER_MOD | tr [a-z] [A-Z]) + if [ "$TKS_USER_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-mod tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_DEL_UPPERCASE=$(echo $TKS_USER_DEL | tr [a-z] [A-Z]) + if [ "$TKS_USER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-del tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_MEMBERSHIP_ADD_UPPERCASE=$(echo $TKS_USER_MEMBERSHIP_ADD | tr [a-z] [A-Z]) + if [ "$TKS_USER_MEMBERSHIP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-membership-add tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + 
TKS_USER_MEMBERSHIP_FIND_UPPERCASE=$(echo $TKS_USER_MEMBERSHIP_FIND | tr [a-z] [A-Z]) + if [ "$TKS_USER_MEMBERSHIP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-membership-find tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_MEMBERSHIP_DEL_UPPERCASE=$(echo $TKS_USER_MEMBERSHIP_DEL | tr [a-z] [A-Z]) + if [ "$TKS_USER_MEMBERSHIP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-membership-del tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_CERT_ADD_UPPERCASE=$(echo $TKS_USER_CERT_ADD | tr [a-z] [A-Z]) + if [ "$TKS_USER_CERT_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ca-user-cert-add tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-cert $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-user-cli-tks-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_CERT_FIND_UPPERCASE=$(echo $TKS_USER_CERT_FIND | tr [a-z] [A-Z]) + if [ "$TKS_USER_CERT_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-cert-find tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_USER_CERT_SHOW_UPPERCASE=$(echo $TKS_USER_CERT_SHOW | tr [a-z] [A-Z]) + if [ "$TKS_USER_CERT_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-cert-show tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-cert-show_tests $subsystemId $subsystemType $MYROLE $caId 
$MASTER + fi + TKS_USER_CERT_DEL_UPPERCASE=$(echo $TKS_USER_CERT_DEL | tr [a-z] [A-Z]) + if [ "$TKS_USER_CERT_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-user-cert-del tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-user-cli-tks-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + + ######## PKI TPS_USER TESTS ############ + PKI_TPS_USER_UPPERCASE=$(echo $PKI_TPS_USER | tr [a-z] [A-Z]) + if [ "$PKI_TPS_USER_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-membership-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-cert $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-cert-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_ADD_UPPERCASE=$(echo $TPS_USER_ADD | tr [a-z] [A-Z]) + if [ "$TPS_USER_ADD_UPPERCASE" = "TRUE" 
] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-add tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_SHOW_UPPERCASE=$(echo $TPS_USER_SHOW | tr [a-z] [A-Z]) + if [ "$TPS_USER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-show tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_FIND_UPPERCASE=$(echo $TPS_USER_FIND | tr [a-z] [A-Z]) + if [ "$TPS_USER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-find tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_MOD_UPPERCASE=$(echo $TPS_USER_MOD | tr [a-z] [A-Z]) + if [ "$TPS_USER_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-mod tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-mod_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_DEL_UPPERCASE=$(echo $TPS_USER_DEL | tr [a-z] [A-Z]) + if [ "$TPS_USER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-del tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_MEMBERSHIP_ADD_UPPERCASE=$(echo $TPS_USER_MEMBERSHIP_ADD | tr [a-z] [A-Z]) + if [ "$TPS_USER_MEMBERSHIP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-membership-add tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-membership-add_tests $subsystemId 
$subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_MEMBERSHIP_FIND_UPPERCASE=$(echo $TPS_USER_MEMBERSHIP_FIND | tr [a-z] [A-Z]) + if [ "$TPS_USER_MEMBERSHIP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-membership-find tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-membership-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_MEMBERSHIP_DEL_UPPERCASE=$(echo $TPS_USER_MEMBERSHIP_DEL | tr [a-z] [A-Z]) + if [ "$TPS_USER_MEMBERSHIP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-membership-del tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-membership-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_CERT_ADD_UPPERCASE=$(echo $TPS_USER_CERT_ADD | tr [a-z] [A-Z]) + if [ "$TPS_USER_CERT_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ca-user-cert-add tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-cert $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-user-cli-tps-user-cert-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_CERT_FIND_UPPERCASE=$(echo $TPS_USER_CERT_FIND | tr [a-z] [A-Z]) + if [ "$TPS_USER_CERT_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-cert-find tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-cert-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_CERT_SHOW_UPPERCASE=$(echo $TPS_USER_CERT_SHOW | tr [a-z] [A-Z]) + if [ "$TPS_USER_CERT_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-cert-show tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-cert-show_tests 
$subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_USER_CERT_DEL_UPPERCASE=$(echo $TPS_USER_CERT_DEL | tr [a-z] [A-Z]) + if [ "$TPS_USER_CERT_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-user-cert-del tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-user-cli-tps-user-cert-delete_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + ######## PKI KRA GROUP TESTS ############ PKI_KRA_GROUP_TEST_UPPERCASE=$(echo $PKI_KRA_GROUP_TEST | tr [a-z] [A-Z]) if [ "$PKI_KRA_GROUP_TEST_UPPERCASE" = "TRUE" ] ; then |
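Review bot: Every dispatch call added in this hunk passes `$subsystemId $subsystemType $MYROLE $caId $MASTER` unquoted, so if `OCSP_INST`, `TKS_INST`, `TPS_INST` or `MYROLE` is empty or unset, the remaining arguments shift left and the user, membership and certificate tests may run with a role or CA id in the wrong position rather than being rejected up front. Quoting keeps the positions fixed, e.g. `run_pki-ocsp-user-cli-ocsp-user-add_tests "$subsystemId" "$subsystemType" "$MYROLE" "$caId" "$MASTER"`. The flag normalisation is safer as `$(echo "$OCSP_USER_ADD" | tr '[a-z]' '[A-Z]')`, because the bare `[a-z]` and `[A-Z]` are globs that the shell can expand against single-letter file names in the working directory. The three cert-add blocks also carry the copied comment `# Execute pki ca-user-cert-add tests`, which should name `ocsp-user-cert-add`, `tks-user-cert-add` and `tps-user-cert-add` respectively. The KRA blocks in the preceding hunk, which starts outside this view, appear to follow the same pattern.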