diff options
| author | Roshni Pattath <rpattath@redhat.com> | 2014-12-04 01:27:12 -0500 |
|---|---|---|
| committer | Roshni Pattath <rpattath@redhat.com> | 2014-12-04 01:29:02 -0500 |
| commit | 5503f04f3e06e69ec9de837ff83d50a6db9a6ddc (patch) | |
| tree | 44aadc7044ecca7431c1d68151bf61236b809d96 /tests/dogtag | |
| parent | d92c531cf02c900bf952e654b6b9bb753acfe3b1 (diff) | |
| download | pki-5503f04f3e06e69ec9de837ff83d50a6db9a6ddc.tar.gz pki-5503f04f3e06e69ec9de837ff83d50a6db9a6ddc.tar.xz pki-5503f04f3e06e69ec9de837ff83d50a6db9a6ddc.zip | |
KRA group test scripts and CI changes
Diffstat (limited to 'tests/dogtag')
60 files changed, 14775 insertions, 3068 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index ba4195014..28888044b 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile @@ -186,6 +186,26 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh + #group KRA + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh + chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh + #KRA group + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-mod.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-show.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-del.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh + chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh #key KRA chmod a+x ./acceptance/cli-tests/pki-key-cli/pki-key-cli-kra.sh chmod a+x ./acceptance/cli-tests/pki-key-cli/pki-key-cli-generate-kra.sh diff --git a/tests/dogtag/acceptance/bugzilla/pki-core-bugs/CSbackup-bug.sh b/tests/dogtag/acceptance/bugzilla/pki-core-bugs/CSbackup-bug.sh index b7507b73b..a8d18b248 100755 --- a/tests/dogtag/acceptance/bugzilla/pki-core-bugs/CSbackup-bug.sh +++ b/tests/dogtag/acceptance/bugzilla/pki-core-bugs/CSbackup-bug.sh @@ -40,143 +40,12 @@ ######################################################################## # Test Suite Globals ######################################################################## -BUGCA_LDAP_PORT="1801" -BUGCA_LDAP_INSTANCE_NAME="pki-ca-bug" -BUGCA_LDAP_DB_SUFFIX="dc=pki-ca" -BUGCA_SUBSYSTEM_NAME="BUGCA" -BUGCA_INSTANCE_CFG="/tmp/bugca_instance.inf" -BUGCA_INSTANCE_OUT="/tmp/bugca_instance_create.out" -BUGKRA_INSTANCE_CFG="/tmp/bugkra_instance.inf" -BUGKRA_INSTANCE_OUT="/tmp/bugkra_instance_create.out" -BUGOCSP_INSTANCE_CFG="/tmp/bugocsp_instance.inf" -BUGOCSP_INSTANCE_OUT="/tmp/bugocsp_instance_create.out" -BUGTKS_INSTANCE_CFG="/tmp/bugtks_instance.inf" -BUGTKS_INSTANCE_OUT="/tmp/bugtks_instance_create.out" -BUGCA_TOMCAT_INSTANCE_NAME="pki-ca-bug" -BUGCA_ADMIN_PASSWORD="Secret123" -BUGCA_CLIENT_PKCS12_PASSWORD="Secret123" -BUGCA_HTTP_PORT="30051" -BUGCA_HTTPS_PORT="30050" -BUGCA_TOMCAT_SERVER_PORT="30052" -BUGCA_SEC_DOMAIN_HTTPS_PORT="30050" -BUGCA_SEC_DOMAIN_PASSWORD="Secret123" -BUG_LDAP_ROOTDN="cn=Directory Manager" -BUG_LDAP_ROOTDNPWD="Secret123" -BUGKRA_LDAP_PORT="1802" -BUGKRA_LDAP_INSTANCE_NAME="pki-kra-bug" -BUGKRA_LDAP_DB_SUFFIX="dc=pki-kra" -BUGKRA_SUBSYSTEM_NAME="BUGKRA" -BUGKRA_PKI_CLIENT_DATABASE_PASSWORD="Secret123" -BUGKRA_PKI_SECURITY_DOMAIN_USER="caadmin" -BUGOCSP_LDAP_PORT="1803" -BUGOCSP_LDAP_INSTANCE_NAME="pki-ocsp-bug" -BUGOCSP_LDAP_DB_SUFFIX="dc=pki-ocsp" -BUGOCSP_SUBSYSTEM_NAME="BUGOCSP" -BUGOCSP_PKI_CLIENT_DATABASE_PASSWORD="Secret123" -BUGOCSP_PKI_SECURITY_DOMAIN_USER="caadmin" -BUGTKS_LDAP_PORT="1804" -BUGTKS_LDAP_INSTANCE_NAME="pki-tks-bug" -BUGTKS_LDAP_DB_SUFFIX="dc=pki-tks" -BUGTKS_SUBSYSTEM_NAME="BUGTKS" -BUGTKS_PKI_CLIENT_DATABASE_PASSWORD="Secret123" -BUGTKS_PKI_SECURITY_DOMAIN_USER="caadmin" run_CS-backup-bug-verification(){ rlPhaseStartTest "bug_1061442: CS backup bug" rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1061442" - cat /etc/redhat-release | grep "Fedora" - if [ $? -eq 0 ] ; then - FLAVOR="Fedora" - rlLog "Automation is running against Fedora" - else - FLAVOR="RHEL" - rlLog "Automation is running against RHEL" - fi - rhcs_install_set_ldap_vars - rlRun "rhds_install $BUGCA_LDAP_PORT $BUGCA_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGCA_LDAP_DB_SUFFIX $BUGCA_SUBSYSTEM_NAME" - echo "[DEFAULT]" > $BUGCA_INSTANCE_CFG - echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGCA_INSTANCE_CFG - echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGCA_INSTANCE_CFG - echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGCA_INSTANCE_CFG - echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGCA_INSTANCE_CFG - echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGCA_INSTANCE_CFG - echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGCA_INSTANCE_CFG - echo "pki_ds_database=$BUGCA_LDAP_INSTANCE_NAME" >> $BUGCA_INSTANCE_CFG - echo "pki_ds_ldap_port=$BUGCA_LDAP_PORT" >> $BUGCA_INSTANCE_CFG - echo "pki_ds_base_dn=$BUGCA_LDAP_DB_SUFFIX" >> $BUGCA_INSTANCE_CFG - echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGCA_INSTANCE_CFG - echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGCA_INSTANCE_CFG - echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGCA_INSTANCE_CFG - echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGCA_INSTANCE_CFG - rlRun "pkispawn -s CA -v -f $BUGCA_INSTANCE_CFG > $BUGCA_INSTANCE_OUT" - - # Create a KRA instance - - rlRun "rhds_install $BUGKRA_LDAP_PORT $BUGKRA_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGKRA_LDAP_DB_SUFFIX $BUGKRA_SUBSYSTEM_NAME" - echo "[DEFAULT]" > $BUGKRA_INSTANCE_CFG - echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGKRA_INSTANCE_CFG - echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGKRA_INSTANCE_CFG - echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGKRA_INSTANCE_CFG - echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGKRA_INSTANCE_CFG - echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGKRA_INSTANCE_CFG - echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGKRA_INSTANCE_CFG - echo "pki_ds_database=$BUGKRA_LDAP_INSTANCE_NAME" >> $BUGKRA_INSTANCE_CFG - echo "pki_ds_ldap_port=$BUGKRA_LDAP_PORT" >> $BUGKRA_INSTANCE_CFG - echo "pki_ds_base_dn=$BUGKRA_LDAP_DB_SUFFIX" >> $BUGKRA_INSTANCE_CFG - echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGKRA_INSTANCE_CFG - echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGKRA_INSTANCE_CFG - echo "pki_security_domain_hostname=$MASTER" >> $BUGKRA_INSTANCE_CFG - echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGKRA_INSTANCE_CFG - echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGKRA_INSTANCE_CFG - echo "pki_security_domain_user= $BUGKRA_PKI_SECURITY_DOMAIN_USER" >> $BUGKRA_INSTANCE_CFG - echo "pki_client_database_password=$BUGKRA_PKI_CLIENT_DATABASE_PASSWORD" >> $BUGKRA_INSTANCE_CFG - rlRun "pkispawn -s KRA -v -f $BUGKRA_INSTANCE_CFG > $BUGKRA_INSTANCE_OUT" - - # Create a OCSP instance - - rlRun "rhds_install $BUGOCSP_LDAP_PORT $BUGOCSP_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGOCSP_LDAP_DB_SUFFIX $BUGOCSP_SUBSYSTEM_NAME" - echo "[DEFAULT]" > $BUGOCSP_INSTANCE_CFG - echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGOCSP_INSTANCE_CFG - echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGOCSP_INSTANCE_CFG - echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGOCSP_INSTANCE_CFG - echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGOCSP_INSTANCE_CFG - echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGOCSP_INSTANCE_CFG - echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGOCSP_INSTANCE_CFG - echo "pki_ds_database=$BUGOCSP_LDAP_INSTANCE_NAME" >> $BUGOCSP_INSTANCE_CFG - echo "pki_ds_ldap_port=$BUGOCSP_LDAP_PORT" >> $BUGOCSP_INSTANCE_CFG - echo "pki_ds_base_dn=$BUGOCSP_LDAP_DB_SUFFIX" >> $BUGOCSP_INSTANCE_CFG - echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGOCSP_INSTANCE_CFG - echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGOCSP_INSTANCE_CFG - echo "pki_security_domain_hostname=$MASTER" >> $BUGOCSP_INSTANCE_CFG - echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGOCSP_INSTANCE_CFG - echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGOCSP_INSTANCE_CFG - echo "pki_security_domain_user= $BUGOCSP_PKI_SECURITY_DOMAIN_USER" >> $BUGOCSP_INSTANCE_CFG - echo "pki_client_database_password=$BUGOCSP_PKI_CLIENT_DATABASE_PASSWORD" >> $BUGOCSP_INSTANCE_CFG - rlRun "pkispawn -s OCSP -v -f $BUGOCSP_INSTANCE_CFG > $BUGOCSP_INSTANCE_OUT" - - # Create a TKS instance - - rlRun "rhds_install $BUGTKS_LDAP_PORT $BUGTKS_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGTKS_LDAP_DB_SUFFIX $BUGTKS_SUBSYSTEM_NAME" - echo "[DEFAULT]" > $BUGTKS_INSTANCE_CFG - echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGTKS_INSTANCE_CFG - echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGTKS_INSTANCE_CFG - echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGTKS_INSTANCE_CFG - echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGTKS_INSTANCE_CFG - echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGTKS_INSTANCE_CFG - echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGTKS_INSTANCE_CFG - echo "pki_ds_database=$BUGTKS_LDAP_INSTANCE_NAME" >> $BUGTKS_INSTANCE_CFG - echo "pki_ds_ldap_port=$BUGTKS_LDAP_PORT" >> $BUGTKS_INSTANCE_CFG - echo "pki_ds_base_dn=$BUGTKS_LDAP_DB_SUFFIX" >> $BUGTKS_INSTANCE_CFG - echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGTKS_INSTANCE_CFG - echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGTKS_INSTANCE_CFG - echo "pki_security_domain_hostname=$MASTER" >> $BUGTKS_INSTANCE_CFG - echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGTKS_INSTANCE_CFG - echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGTKS_INSTANCE_CFG - echo "pki_security_domain_user= $BUGTKS_PKI_SECURITY_DOMAIN_USER" >> $BUGTKS_INSTANCE_CFG - echo "pki_client_database_password=$BUGTKS_PKI_CLIENT_DATABASE_PASSWORD" >> $BUGTKS_INSTANCE_CFG - rlRun "pkispawn -s TKS -v -f $BUGTKS_INSTANCE_CFG > $BUGTKS_INSTANCE_OUT" #Checking if the CS.cfg.bak file exists and restart fails if the file is moved to a file with a different name diff --git a/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs.sh b/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs.sh deleted file mode 100755 index df8fef010..000000000 --- a/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs.sh +++ /dev/null @@ -1,249 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/ -# Description: tomcatjss bug verification -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Authors: Roshni Pattath <rpattath@redhat.com> -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. /opt/rhqa_pki/env.sh - -######################################################################## -#pki-user-cli-user-ca.sh should be first executed prior to bug verification -######################################################################## - -######################################################################## -# Test Suite Globals -######################################################################## -run_tomcatjss-bug-verification(){ - - rlPhaseStartTest "bug_1084224: Tomcatjss missing strictCiphers implementation" - CA_HOST=$MASTER - CA_PORT=$(cat /tmp/bugca_instance.inf | grep pki_https_port | cut -d "=" -f2) - test1="test_screen" - ca_server_xml_file="/var/lib/pki/pki-ca-bug/conf/server.xml" - temp_file="$ca_server_xml_file.temp" - rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1084224" - rlRun "ssltap -sfx $CA_HOST:$CA_PORT > /tmp/original_cipher.out &" - rlRun "sleep 10" - rlLog "Executing: wget https://$CA_HOST:1924 --no-check-certificate" - rlRun "wget https://$CA_HOST:1924 --no-check-certificate" - cat /tmp/original_cipher.out | grep "cipher_suite = (0x0035) TLS/RSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0x0035) TLS/RSA/AES256-CBC/SHA" - search_string3="+TLS_RSA_WITH_AES_256_CBC_SHA" - replace_string3="-TLS_RSA_WITH_AES_256_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA" - search_string3="+TLS_RSA_WITH_AES_128_CBC_SHA" - replace_string3="-TLS_RSA_WITH_AES_128_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA" - search_string3="+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - replace_string3="-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA" - search_string3="+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - replace_string3="-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA" - search_string3="+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - replace_string3="-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA" - search_string3="+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - replace_string3="-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA" - search_string3="+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - replace_string3="-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA" - search_string3="+TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - replace_string3="-TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0x0038) TLS/DHE-DSS/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0x0038) TLS/DHE-DSS/AES256-CBC/SHA" - search_string3="+TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - replace_string3="-TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0x0033) TLS/DHE-RSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0x0033) TLS/DHE-RSA/AES128-CBC/SHA" - search_string3="+TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - replace_string3="-TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - fi - cat /tmp/original_cipher.out | grep "cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - original_cipher="cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA" - search_string3="+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - replace_string3="-TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - fi - rlRun "systemctl stop pki-tomcatd@pki-ca-bug.service" - search_string1="strictCiphers=\"false\"" - replace_string1="strictCiphers=\"true\"" - search_string2="sslOptions=\"ssl2=true,ssl3=true,tls=true\"" - replace_string2="sslOptions=\"ssl2=false,ssl3=false,tls=true\"" - search_string4="clientAuth=\"want\"" - replace_string4="clientauth=\"want\"" - rlRun "sed 's/$search_string1/$replace_string1/g' $ca_server_xml_file > $temp_file" - cp $temp_file $ca_server_xml_file - rlRun "sed 's/$search_string2/$replace_string2/g' $ca_server_xml_file > $temp_file" - cp $temp_file $ca_server_xml_file - rlRun "sed 's/$search_string3/$replace_string3/g' $ca_server_xml_file > $temp_file" - cp $temp_file $ca_server_xml_file - rlRun "sed 's/$search_string4/$replace_string4/g' $ca_server_xml_file > $temp_file" - cp $temp_file $ca_server_xml_file - chown pkiuser:pkiuser $ca_server_xml_file - cat $ca_server_xml_file | grep $replace_string1 - if [ $? -eq 0 ] ; then - rlRun "modutil -dbdir /var/lib/pki/pki-ca-bug/ca/alias -fips true &" - rlRun "sleep 5" - rlRun "modutil -dbdir /var/lib/pki/pki-ca-bug/ca/alias -chkfips true > /tmp/chkfips.out" - rlAssertGrep "FIPS mode enabled." "/tmp/chkfips.out" - rlRun "systemctl start pki-tomcatd@pki-ca-bug.service" - rlRun "ssltap -sfx $CA_HOST:$CA_PORT > /tmp/new_cipher.out &" - rlRun "sleep 10" - rlLog "Executing: wget https://$CA_HOST:1924 --no-check-certificate" - rlRun "wget https://$CA_HOST:1924 --no-check-certificate" - cat $ca_server_xml_file | grep "+TLS_RSA_WITH_AES_256_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0x0035) TLS/RSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_RSA_WITH_AES_128_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0x0038) TLS/DHE-DSS/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0x0033) TLS/DHE-RSA/AES128-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - cat $ca_server_xml_file | grep "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - if [ $? -eq 0 ]; then - cat /tmp/new_cipher.out | grep "cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA" - if [ $? -eq 0 ]; then - rlPass "Bug Verified" - fi - fi - rlAssertNotGrep "$original_cipher" "/tmp/new_cipher.out" - else - rlLog "Config file modification failed" - fi - rlRun "pkidestroy -s TKS -i pki-ca-bug" - rlRun "sleep 10" - rlRun "pkidestroy -s OCSP -i pki-ca-bug" - rlRun "sleep 10" - rlRun "pkidestroy -s KRA -i pki-ca-bug" - rlRun "sleep 10" - rlRun "pkidestroy -s CA -i pki-ca-bug" - rlRun "sleep 10" - rlRun "remove-ds.pl -f -i slapd-pki-ca-bug" - rlRun "sleep 10" - rlRun "remove-ds.pl -f -i slapd-pki-kra-bug" - rlRun "sleep 10" - rlRun "remove-ds.pl -f -i slapd-pki-ocsp-bug" - rlRun "sleep 10" - rlRun "remove-ds.pl -f -i slapd-pki-tks-bug" - rlRun "sleep 10" - rlPhaseEnd - -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh index 60c3249c5..3b9180292 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh @@ -51,23 +51,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -133,7 +125,7 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_add-002:maximum length of group id" - group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -228,7 +220,7 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_add-008:--description with maximum length" - groupdesc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -250,7 +242,8 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_add-009:--desccription with maximum length and symbols" - groupdesc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` + rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -387,14 +380,14 @@ local TEMP_NSS_DB_PASSWD="redhat123" ##### Tests to add groups using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users##### rlPhaseStartTest "pki_ca_group_cli_ca_group_add-021: Should not be able to add group using a cert created from a untrusted CA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-add --description='$desc' $group1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-add --description='$desc' $group1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_adminUTCA" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_add-022: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1` + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-add --description=test '$group_length_exceed_max'" errmsg="ClientResponseFailure: ldap can't save, exceeds max length" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-del.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-del.sh index f0c680f51..b2cf5a9b4 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-del.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-del.sh @@ -55,23 +55,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -209,7 +201,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_del-006: Maximum length of group id" - group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -240,7 +232,8 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_del-007: groupid with maximum length and symbols" - groupid=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -461,7 +454,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_del-CA-016: Should not be able to delete group using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-del g2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-del g2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a untrusted cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh index b03408bdc..b5b434c60 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh @@ -49,23 +49,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -150,7 +142,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-006: Find all groups, --size with maximum possible value as input" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 9 | head -n 1` + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) rlLog "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -176,7 +170,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-007: Find all groups, --size more than maximum possible value" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-find --size=$maximum_check" errmsg="NumberFormatException: For input string: $maximum_check" errorcode=255 @@ -257,7 +253,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-013: Find groups, --start with maximum possible input" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 9 | head -n 1` + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) rlLog "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -276,7 +274,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-014: Find groups, --start with more than maximum possible input" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 12 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-find --start=$maximum_check" errmsg="NumberFormatException: For input string: \"$maximum_check\"" errorcode=255 @@ -431,7 +431,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-028: Should not be able to find groups using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-find --start=1 --size=5" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-find --start=1 --size=5" errmsg="PKIException: Unauthorized" errocode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using CA_adminUTCA" @@ -466,7 +466,6 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-030: find groups when group id has i18n characters" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1` rlLog "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -486,13 +485,13 @@ local cert_info="$TmpDir/cert_info" -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - ca-group-find --size=$maximum_check " + ca-group-find --size=1000" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - ca-group-find --size=$maximum_check > $TmpDir/pki-ca-group-show-001_31_2.out" \ + ca-group-find --size=1000 > $TmpDir/pki-ca-group-show-001_31_2.out" \ 0 \ "Find group with max size" rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ca-group-show-001_31_2.out" @@ -500,7 +499,6 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_find-031: find group when group id has i18n characters" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1` rlLog "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -520,13 +518,13 @@ local cert_info="$TmpDir/cert_info" -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - ca-group-find --size=$maximum_check" + ca-group-find --size=1000" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - ca-group-find --size=$maximum_check > $TmpDir/pki-ca-group-show-001_32_2.out" \ + ca-group-find --size=1000 > $TmpDir/pki-ca-group-show-001_32_2.out" \ 0 \ "Find group with max size" rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ca-group-show-001_32_2.out" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh index 1f0349256..486f39a5b 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh @@ -71,23 +71,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -403,14 +395,14 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-add-016: Should not be able to ca-group-member-add using CA_adminUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-member-add \"Administrators\" testuser1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-add \"Administrators\" testuser1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ca-group-member-add using CA_adminUTCA cert" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-add-017: Should not be able to ca-group-member-add using CA_agentUTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-member-add \"Administrators\" testuser1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-add \"Administrators\" testuser1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ca-group-member-add using CA_agentUTCA cert" @@ -447,7 +439,7 @@ local cert_info="$TmpDir/cert_info" #Create a user cert rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"Test User1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" @@ -456,7 +448,7 @@ local cert_info="$TmpDir/cert_info" rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem" rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem -t "u,u,u"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -527,7 +519,7 @@ local cert_info="$TmpDir/cert_info" rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem" rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n testuser2 -i $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem -t "u,u,u"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser2\" -i $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem -t \"u,u,u\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh index ea2ac90dc..a9d69abe9 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh @@ -68,23 +68,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -351,14 +343,14 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-del-015: Should not be able to ca-group-member-del using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-member-del 'Administrators' user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-del 'Administrators' user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ca-group-member-del using CA_adminUTCA cert" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-del-016: Should not be able to ca-group-member-del using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-member-del \"Administrators\" user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-del \"Administrators\" user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ca-group-member-del using role_user_UTCA cert" @@ -560,7 +552,7 @@ local cert_info="$TmpDir/cert_info" #Create a user cert rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"Test User1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh index 875eaef57..62ba247dd 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh @@ -73,23 +73,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -482,7 +474,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-find-020: Find group members with --size more than maximum possible value" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-find group1 --size=$maximum_check" errmsg="NumberFormatException: For input string: \"$maximum_check\"" errorcode=255 @@ -490,7 +484,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-find-021: Find group members with --start more than maximum possible value" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-find group1 --start=$maximum_check" errmsg="NumberFormatException: For input string: \"$maximum_check\"" errorcode=255 @@ -555,7 +551,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member-find-029: Should not be able to ca-group-member-find using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-member-find group1 --start=0 --size=5" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-find group1 --start=0 --size=5" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ca-group-member using a untrusted CA_adminUTCA user cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh index a4e8678e3..25782b8f3 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh @@ -65,23 +65,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -265,7 +257,7 @@ cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_member_show-015: Should not be able to show group members using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-member-show $group1 u1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-member-show $group1 u1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using CA_adminUTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-mod.sh index f7e2cef55..ead33037d 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-mod.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-mod.sh @@ -53,26 +53,6 @@ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - CA_HOST=$(eval echo \$${MYROLE}) CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) @@ -166,8 +146,8 @@ rlPhaseStartTest "pki_ca_group_cli_ca_group_mod-003:--description with character rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_mod-004:--description with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` - + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -330,7 +310,7 @@ rlPhaseStartTest "pki_ca_group_cli_ca_group_mod-003:--description with character ##### Tests to modify groups using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users##### rlPhaseStartTest "pki_ca_group_cli_ca_group_mod-015: Should not be able to modify groups using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-mod --description='$group1desc' $group1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-mod --description='$group1desc' $group1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-show.sh index c461157ab..d38c0cd08 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-show.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-show.sh @@ -59,23 +59,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -132,7 +124,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_show-002: maximum length of group id" - group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -272,7 +264,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_show-008: --description with maximum length" - desc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -301,7 +293,8 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_show-009: --description with maximum length and symbols" - desc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -524,7 +517,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_show-024: Should not be able to show group using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-group-show g7" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-show g7" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using CA_adminUTCA" @@ -560,7 +553,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_ca_group_cli_ca_group_show-026: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1` + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-show '$group_length_exceed_max'" errmsg="ClientResponseFailure: ldap can't save, exceeds max length" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-add.sh index 12d52062d..fe7bb6942 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-add.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-add.sh @@ -55,28 +55,19 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - ##### Create a temporary directory to save output files and initializing host/port variables ##### rlPhaseStartSetup "pki_user_cli_user_cert-add-ca-startup: Create temporary directory and initializing host/port variables" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -1792,12 +1783,12 @@ rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0027: Adding a cert as CA_adminU rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0027crmf.out > $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminUTCA" @@ -1839,12 +1830,12 @@ rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0028: Adding a cert as CA_agentU rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0028crmf.out > $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentUTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh index 96e6b83f4..df9f0edb8 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh @@ -55,23 +55,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -476,13 +468,13 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV rlPhaseStartTest "pki_ca_user_cli_ca_user_cert-del-0014: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ca-user-cert-del should fail if authenticating using an untrusted cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-find.sh index 334a0c6c3..5d26ada1a 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-find.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-find.sh @@ -55,23 +55,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -1009,7 +1001,7 @@ rlPhaseEnd #### Find certs assigned to a CA user - authenticating as a user whose CA cert has not been trusted ### rlPhaseStartTest "pki_ca_user_cli_ca_user_cert-find-029: Find the certs of a user as role_user_UTCA should fail" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT user-cert-find $user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh index d706c2099..3a8079a3b 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh @@ -55,23 +55,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -833,12 +825,12 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV ##### Show certs asigned to a user - as role_user_UTCA ##### rlPhaseStartTest "pki_ca_user_cli_ca_user_cert-show-0026: Show certs assigned to a user - as role_user_UTCA should fail" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ca-user-cert-show shouls fail when authenticating with an untrusted cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ca-user-cert-show shouls fail when authenticating with an untrusted cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-mod.sh index e61be1d0d..a096b8477 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-mod.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-mod.sh @@ -54,23 +54,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -211,8 +203,8 @@ rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-004:--email with characters and nu #### Modify a user's email with maximum length and symbols #### rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-005:--email with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` - + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ @@ -393,7 +385,8 @@ rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-009:--email as number 0 " #### Modify a user's state with maximum length and symbols #### rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-011:--state with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ @@ -574,7 +567,8 @@ rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-015:--state as number 0 " #### Modify a user's phone with maximum length and symbols #### rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-017:--phone with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ @@ -590,7 +584,9 @@ rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-017:--phone with maximum length an #### Modify a user's phone with maximum length and numbers only #### rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-018:--phone with maximum length and numbers only " - randsym=`cat /dev/urandom | tr -dc '0-9' | fold -w 1024 | head -n 1` + randhex=$(openssl rand -hex 1024 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ @@ -619,7 +615,7 @@ rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-018:--phone with maximum length an -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - ca-user-add --fullName=test usr2" + ca-user-add --fullName=test usr2 > /tmp/useraddres 2>&1" command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-mod --phone=\"#\" usr2" errmsg="PKIException: LDAP error (21): error result" errorcode=255 @@ -823,7 +819,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-025: Modify user with --password " ##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted CA users##### rlPhaseStartTest "pki_ca_user_cli_ca_user_mod-034: Should not be able to modify user using a cert created from a untrusted CA role_user_UTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT ca-user-mod --fullName='$user1fullname' $user1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT ca-user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" @@ -1049,19 +1045,18 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-user-00$i.out" let i=$i+1 done - - i=1 - while [ $i -lt 5 ] ; do + j=1 + while [ $j -lt 5 ] ; do rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - user-del usr$i > $TmpDir/pki-usr-del-ca-usr-00$i.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-del usr$j > $TmpDir/pki-user-del-ca-usr-00$j.out" \ 0 \ - "Deleted user usr$i" - rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-ca-usr-00$i.out" - let i=$i+1 + "Deleted user usr$j" + rlAssertGrep "Deleted user \"usr$j\"" "$TmpDir/pki-user-del-ca-usr-00$j.out" + let j=$j+1 done j=1 diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh index 0d585926d..28e35a01f 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh @@ -56,23 +56,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi local CA_HOST=$(eval echo \$${MYROLE}) @@ -126,7 +118,7 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_add-CA-002:maximum length of group id" - group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -221,7 +213,7 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_add-CA-008:--description with maximum length" - groupdesc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -243,7 +235,8 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_add-CA-009:--desccription with maximum length and symbols" - groupdesc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` + rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -380,14 +373,14 @@ local TEMP_NSS_DB_PASSWD="redhat123" ##### Tests to add groups using CA_adminUTCA and CA_agentUTCA user's certificate will be issued by an untrusted CA users##### rlPhaseStartTest "pki_group_cli_group_add-CA-021: Should not be able to add group using a cert created from a untrusted CA role_user_UTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description='$desc' $group1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using CA_adminUTCA" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_add-CA-022: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1` + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-add --description=test '$group_length_exceed_max'" errmsg="ClientResponseFailure: ldap can't save, exceeds max length" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh new file mode 100755 index 000000000..bee148caf --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh @@ -0,0 +1,577 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-add-kra Add group to pki subsystems. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +#create-role-users.sh should be first executed prior to pki-group-cli-group-add-kra.sh +######################################################################## + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-add-kra_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #### Create Temporary directory #### + + rlPhaseStartSetup "pki_group_cli_group_add_kra-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + + ##### Tests to add KRA groups using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_group_cli_group_add_kra-001: Add a group to KRA using KRA_adminV" + group1=new_group1 + group_desc1="New Group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group_desc1\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-kra-group-add-001.out" \ + 0 \ + "Add group $group1 to KRA" + rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-kra-group-add-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-add-001.out" + rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-kra-group-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-002:maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \ + 0 \ + "Added group using KRA_adminV with maximum group id length" + actual_groupid_string=`cat $TmpDir/pki-kra-group-add-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: Test Group" "$TmpDir/pki-kra-group-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-003:Group id with # character" + group3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description test $group3 > $TmpDir/pki-kra-group-add-001_2.out" \ + 0 \ + "Added group using KRA_adminV, group id with # character" + rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-kra-group-add-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-add-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-004:Group id with $ character" + group4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group4 > $TmpDir/pki-kra-group-add-001_3.out" \ + 0 \ + "Added group using KRA_adminV, group id with $ character" + rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-kra-group-add-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-add-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-005:Group id with @ character" + group5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group5 > $TmpDir/pki-kra-group-add-001_4.out " \ + 0 \ + "Added group using KRA_adminV, group id with @ character" + rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-kra-group-add-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-add-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-006:Group id with ? character" + group6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group6 > $TmpDir/pki-kra-group-add-001_5.out " \ + 0 \ + "Added group using KRA_adminV, group id with ? character" + rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-kra-group-add-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-add-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-007:Group id as 0" + group7=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group7 > $TmpDir/pki-kra-group-add-001_6.out " \ + 0 \ + "Added group using KRA_adminV, group id 0" + rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-kra-group-add-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-kra-group-add-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-008:--description with maximum length" + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-kra-group-add-001_7.out" \ + 0 \ + "Added group using KRA_adminV with maximum --description length" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-add-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-add-001_7.out" + rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-kra-group-add-001_7.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-009:--desccription with maximum length and symbols" + rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='$groupdesc' g2 > $TmpDir/pki-kra-group-add-001_8.out" \ + 0 \ + "Added group using KRA_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-010: Add a duplicate group to KRA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-011: Add a group to KRA with -t option" + desc="Test Group" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$desc\" g3" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$desc\" g3 > $TmpDir/pki-kra-group-add-0011.out" \ + 0 \ + "Add group g3 to KRA" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-add-0011.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-add-0011.out" + rlAssertGrep "Description: $desc" "$TmpDir/pki-kra-group-add-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add-012: Add a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$group1'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-013: Add a group -- missing required option --description" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add g7" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add g7 > $TmpDir/pki-kra-group-add-0013.out" 0 "Successfully added group without description option" + rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-kra-group-add-0013.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-add-0013.out" + rlPhaseEnd + + ##### Tests to add groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_add_kra-014: Should not be able to add group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-015: Should not be able to add group using a agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert KRA_agentR" + rlPhaseEnd + + + ##### Tests to add groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_add_kra-016: Should not be able to add group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert KRA_agentV" + rlPhaseEnd + + + ##### Tests to add groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_add_kra-017: Should not be able to add group using admin user with expired cert KRA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert KRA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-018: Should not be able to add group using KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert KRA_agentE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to add groups using audit users##### + rlPhaseStartTest "pki_group_cli_group_add_kra-019: Should not be able to add group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert KRA_auditorV" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Tests to add groups using operator user### + rlPhaseStartTest "pki_group_cli_group_add_kra-020: Should not be able to add group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_operatorV" + rlPhaseEnd + + ##### Tests to add groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_group_cli_group_add_kra-021: Should not be able to add group using a cert created from a untrusted CA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-022: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-add --description=test '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-023: description with i18n characters" + rlLog "group-add description Örjan Äke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Örjan Äke' g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Örjan Äke' g4 > $TmpDir/pki-kra-group-add-001_51.out 2>&1" \ + 0 \ + "Adding g4 with description Örjan Äke" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-add-001_51.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-add-001_51.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-add-001_51.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-024: description with i18n characters" + rlLog "group-add description Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' g5 > $TmpDir/pki-kra-group-add-001_52.out 2>&1" \ + 0 \ + "Adding g5 with description Éric Têko" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-add-001_52.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-add-001_52.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-025: description with i18n characters" + rlLog "group-add description éénentwintig dvidešimt with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='éénentwintig dvidešimt' g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-kra-group-add-001_53.out 2>&1" \ + 0 \ + "Adding description éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-kra-group-add-001_53.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-add-001_53.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g6 > $TmpDir/pki-kra-group-add-001_53_2.out 2>&1" \ + 0 \ + "Show group g6 with description éénentwintig dvidešimt in i18n characters" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-kra-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_add_kra-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_kra-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-kra-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-add-001_57.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting groups" + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-kra-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del '$grp' > $TmpDir/pki-kra-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-kra-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-kra-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko' > $TmpDir/pki-kra-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-kra-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh index 43c79d1ac..715624d98 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh @@ -55,23 +55,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -213,8 +205,8 @@ local cert_info="$TmpDir/cert_info" rlAssertGrep "usage: group-del <Group ID>" "$TmpDir/pki-group-del-ca-group-003_1.out" rlPhaseEnd - rlPhaseStartTest "pki_group_cli_group_del-CA-006: Maximum length of group id" - group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + rlPhseStartTest "pki_group_cli_group_del-CA-006: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -245,7 +237,8 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_del-CA-007: groupid with maximum length and symbols" - groupid=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -465,7 +458,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_del-CA-016: Should not be able to delete group using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-del g2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-del g2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a untrusted cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh new file mode 100755 index 000000000..9b6bcfbb0 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh @@ -0,0 +1,636 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-del-kra Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-del-kra_tests(){ + + rlPhaseStartSetup "pki_group_cli_group_del_kra-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_del_kra-001: Delete valid groups" + group1=kra_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to KRA using KRA_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-kra-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to KRA using KRA_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp > $TmpDir/pki-kra-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-kra-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-002: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del GROUP_ABC > $TmpDir/pki-kra-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-kra-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-003: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-004: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \ + 0 \ + "Added group using KRA_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del \"$group2\" > $TmpDir/pki-kra-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using KRA_adminV" + actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-005: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test '$groupid' > $TmpDir/pki-kra-group-add-001_8.out" \ + 0 \ + "Added group using KRA_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del '$groupid' > $TmpDir/pki-kra-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using KRA_adminV" + actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show '$groupid' > $TmpDir/pki-kra-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-kra-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-006: Delete group from KRA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-add-009.out" \ + 0 \ + "Add group g1 to KRA" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g1 > $TmpDir/pki-kra-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t kra option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-kra-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-007: Should not be able to delete group using a revoked cert KRA_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-kra-010.out" \ + 0 \ + "Add group g2 to KRA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g2 > $TmpDir/pki-kra-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-show-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-008: Should not be able to delete group using a agent with revoked cert KRA_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-kra-010.out" \ + 0 \ + "Add group g3 to KRA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-kra-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-002.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-009: Should not be able to delete group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-kra-group-show-003.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-003.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-003.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-010: Should not be able to delete group using a admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-group-show-kra-004.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-004.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-004.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-011: Should not be able to delete a group using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-005.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-005.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-005.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-012: Should not be able to delete group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-group-show-kra-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-006.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-013: Should not be able to delete group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-group-show-kra-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-014: Should not be able to delete group using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $KRA_HOST -p $KRA_PORT -t kra group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-group-show-kra-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del-015: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g3 > $TmpDir/pki-kra-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-group-show-kra-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g3 > $TmpDir/pki-group-del-kra-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-016: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-kra-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-kra-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-kra-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_kra-017: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-001_20_3.out 2>&1" \ + 0 \ + "Delete gid ÉricTêko with i18n characters" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-001_20_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show 'ÉricTêko'" + errmsg="GroupNotFoundException: Group ÉricTêko not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_cleanup_kra: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh index 69827a114..427f2ffb5 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh @@ -49,23 +49,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -150,7 +142,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-006: Find all groups, --size with maximum possible value as input" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 9 | head -n 1` + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) rlLog "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -176,7 +170,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-007: Find all groups, --size more than maximum possible value" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --size=$maximum_check" errmsg="NumberFormatException: For input string: $maximum_check" errorcode=255 @@ -257,7 +253,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-013: Find groups, --start with maximum possible input" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 9 | head -n 1` + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) rlLog "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -276,7 +274,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-014: Find groups, --start with more than maximum possible input" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 12 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=$maximum_check" errmsg="NumberFormatException: For input string: \"$maximum_check\"" errorcode=255 @@ -431,7 +431,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-028: Should not be able to find groups using a cert created from a untrusted CA role_user_UTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=1 --size=5" errmsg="PKIException: Unauthorized" errocode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using CA_adminUTCA" @@ -466,7 +466,6 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-030: find groups when group id has i18n characters" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -480,13 +479,13 @@ local cert_info="$TmpDir/cert_info" -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - group-find --size=$maximum_check " + group-find --size=1000" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - group-find --size=$maximum_check > $TmpDir/pki-group-show-ca-001_31_2.out" \ + group-find --size=1000 > $TmpDir/pki-group-show-ca-001_31_2.out" \ 0 \ "Find group with max size" rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-show-ca-001_31_2.out" @@ -494,7 +493,6 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_find-ca-031: find group when group id has i18n characters" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -508,13 +506,13 @@ local cert_info="$TmpDir/cert_info" -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - group-find --size=$maximum_check" + group-find --size=1000" rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ -h $CA_HOST \ -p $CA_PORT \ - group-find --size=$maximum_check > $TmpDir/pki-group-show-ca-001_32_2.out" \ + group-find --size=1000 > $TmpDir/pki-group-show-ca-001_32_2.out" \ 0 \ "Find group with max size" rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-show-ca-001_32_2.out" diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh new file mode 100755 index 000000000..eb4fc8ae0 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh @@ -0,0 +1,651 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-find-kra To list groups in KRA. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-find-kra_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_group_cli_group_find_kra-startup: Create temporary directory and add groups" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_cli_group_find_kra-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=5 > $TmpDir/pki-kra-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=0 > $TmpDir/pki-kra-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-005: Find all groups, large value as input" + large_num="1000000" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$large_num" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$large_num > $TmpDir/pki-kra-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-kra-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=$maximum_check > $TmpDir/pki-kra-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-kra-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_find_kra-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find > $TmpDir/pki-kra-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_10=`cat $TmpDir/pki-kra-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=10 > $TmpDir/pki-kra-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-kra-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=10000 > $TmpDir/pki-kra-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=$maximum_check > $TmpDir/pki-kra-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=0 > $TmpDir/pki-kra-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find > $TmpDir/pki-kra-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_12=`cat $TmpDir/pki-kra-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=12 --size=12 > $TmpDir/pki-kra-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-kra-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-kra-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find > $TmpDir/pki-kra-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_12=`cat $TmpDir/pki-kra-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=12 --size=0 > $TmpDir/pki-kra-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-021: Should not be able to find group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-022: Should not be able to find groups using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-023: Should not be able to find groups using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-024: Should not be able to find groups using admin user with expired cert KRA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-025: Should not be able to find groups using KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-026: Should not be able to find groups using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-027: Should not be able to find groups using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-028: Should not be able to find groups using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --start=1 --size=5 > $TmpDir/pki-kra-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-find-pkiUser1-002.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-kra-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000 > $TmpDir/pki-kra-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find --size=1000 > $TmpDir/pki-kra-group-show-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_group_cli_group_find_kra-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find Administrator > $TmpDir/pki-kra-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-033: find group - filter 'KRA'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find KRA" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-find KRA > $TmpDir/pki-kra-group-show-034.out" \ + 0 \ + "Find group with Keyword KRA" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-034.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_kra-034: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-find CA" + errmsg="BadRequestException: Filter is too short." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_group_cleanup-001: Deleting groups" + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out" + let i=$i+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh index 7685b4952..7cdf93e96 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh @@ -71,23 +71,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -435,14 +427,14 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-add-CA-017: Should not be able to group-member-add using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_adminUTCA cert" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-add-CA-018: Should not be able to group-member-add using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-add \"Administrators\" testuser1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using CA_agentUTCA cert" @@ -479,7 +471,7 @@ local cert_info="$TmpDir/cert_info" #Create a user cert rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"Test User1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" @@ -488,7 +480,7 @@ local cert_info="$TmpDir/cert_info" rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem" rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem -t "u,u,u"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -559,7 +551,7 @@ local cert_info="$TmpDir/cert_info" rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.out > $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem" rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" - rlRun "certutil -d $TEMP_NSS_DB -A -n testuser2 -i $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem -t "u,u,u"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser2\" -i $TmpDir/pki_ca_group_member_add_encoded_0020pkcs10.pem -t \"u,u,u\"" rlRun "pki -d $CERTDB_DIR/ \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh new file mode 100755 index 000000000..8f3c8f9f4 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh @@ -0,0 +1,1092 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-cli-group-membership-add-kra CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-add-kra Add group member. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-member-add-kra_tests(){ + #Local variables + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartSetup "pki_group_cli_group_membership-add-kra-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-001: Add users to available groups using valid admin user KRA_adminV" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-add-group-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-show u$i > $TmpDir/pki-kra-group-member-add-group-show-00$i.out" \ + 0 \ + "Show pki KRA_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-add-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-002: Add a user to all available groups using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-add-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-show userall > $TmpDir/pki-kra-group-member-add-user-show-userall-001.out" \ + 0 \ + "Show pki CA_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-003: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-add-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-show user1 > $TmpDir/pki-kra-group-member-add-user-show-user1-001.out" \ + 0 \ + "Show pki KRA_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-kra-group-member-add-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-add-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" user1" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-004: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-add-user-add-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$dummy_group\" testuser1" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-005: Should be able to group-member-add groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=u14 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='u14' u14" \ + 0 \ + "Adding uid u14" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-kra-group-member-add-groupadd-010_2.out" \ + 0 \ + "Adding user u14 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out" + rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out" \ + 0 \ + "Check user u14 added to group dadministʁasjɔ̃" + rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-006: Should not be able to group-member-add using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-007: Should not be able to group-member-add using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-008: Should not be able to group-member-add using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert KRA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-009: Should not be able to group-member-add using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-010: Should not be able to group-member-add using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-011: Should not be able to group-member-add using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-012: Should not be able to group-member-add using KRA_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-013: Should not be able to group-member-add using KRA_agentUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-add-kra-014: User associated with Administrators group only can create a new user" + i=2 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding testuser1 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" \ + 0 \ + "Adding user testuser1 to group \"$gid\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" + fi + let i=$i+1 + done + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user testuser1" + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + + #Add testuser1 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out 2>&1" \ + 0 \ + "Adding user testuser1 to group \"$groupid4\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find $groupid4 > $TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out" \ + 0 \ + "Check group-member for user testuser1" + rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=test_user us19 > $TmpDir/pki-kra-user-add-019_4.out 2>&1" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-kra-user-add-019_4.out" + rlAssertGrep "User ID: us19" "$TmpDir/pki-kra-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-kra-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-015: Should not be able to group-member-add using KRA_agentV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using KRA_agentV cert" + rlPhaseEnd + + #Usability test + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-016: Should not be able to add a non existing user to a group" + user="tuser3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-add \"$groupid5\" $user" + errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-017: Add a group and add a user to the group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g1description\" g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-member-add-group-add-022.out" \ + 0 \ + "Adding group g1" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-member-add-group-add-022.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-member-add-group-add-022.out" + rlAssertGrep "Description: g1description" "$TmpDir/pki-kra-group-member-add-group-add-022.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu9\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-kra-group-member-add-user-add-022.out" \ + 0 \ + "Adding user u9" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-kra-group-member-add-user-add-022.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-group-member-add-user-add-022.out" + rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-kra-group-member-add-user-add-022.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g1 u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g1 u9 > $TmpDir/pki-kra-group-member-add-groupadd-022.out" \ + 0 \ + "Adding user u9 to group g1" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-add-groupadd-022.out" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-022.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g1 > $TmpDir/pki-kra-group-member-add-groupadd-find-022.out" \ + 0 \ + "User added to group g1" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-find-022.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-018: Add two group and add a user to the two different group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g2description\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-kra-group-member-add-group-add-023.out" \ + 0 \ + "Adding group g2" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-member-add-group-add-023.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-member-add-group-add-023.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-member-add-group-add-023.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g3description\" g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-kra-group-member-add-group-add-023_1.out" \ + 0 \ + "Adding group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu10\" u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-kra-group-member-add-user-add-023.out" \ + 0 \ + "Adding user u10" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-kra-group-member-add-user-add-023.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-group-member-add-user-add-023.out" + rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-kra-group-member-add-user-add-023.out" + rlLog "Adding the user u10 to group g2" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g2 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g2 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023.out" \ + 0 \ + "Adding user u10 to group g2" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023.out" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g2 > $TmpDir/pki-kra-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g3 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g3 > $TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-019: Add a group, add a user to the group and delete the group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g4description\" gr4 > $TmpDir/pki-kra-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-kra-group-member-add-group-add-024.out" + rlAssertGrep "Group ID: gr4" "$TmpDir/pki-kra-group-member-add-group-add-024.out" + rlAssertGrep "Description: g4description" "$TmpDir/pki-kra-group-member-add-group-add-024.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + -user-add --fullName=\"fullNameu11\" u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-kra-group-member-add-user-add-024.out" \ + 0 \ + "Adding user u11" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-kra-group-member-add-user-add-024.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-group-member-add-user-add-024.out" + rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-kra-group-member-add-user-add-024.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add gr4 u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add gr4 u11 > $TmpDir/pki-kra-group-member-add-groupadd-024.out" \ + 0 \ + "Adding user u11 to group gr4" + rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-kra-group-member-add-groupadd-024.out" + rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-024.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find gr4 > $TmpDir/pki-kra-group-member-add-groupadd-find-024.out" \ + 0 \ + "User added to group gr4" + rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-find-024.out" + #Deleting group gr4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del gr4 > $TmpDir/pki-kra-group-member-add-groupdel-024.out" \ + 0 \ + "Deleting group gr4" + rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-kra-group-member-add-groupdel-024.out" + #Checking for user-membership + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-membership-find u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-membership-find u11 > $TmpDir/pki-kra-group-member-add-usermembership-024.out" \ + 0 \ + "Checking for user membership of u11" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-usermembership-024.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-020: Add a group, add a user to the group and modify the group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g5description\" g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g5description\" g4 > $TmpDir/pki-kra-group-member-add-group-add-025.out" \ + 0 \ + "Adding group g4" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-kra-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g4 u12 > $TmpDir/pki-kra-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-kra-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g4 > $TmpDir/pki-kra-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod g4 --decription=\"Modified group\"" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod g4 --description=\"Modified group\" > $TmpDir/pki-kra-group-member-add-groupmod-025.out" \ + 0 \ + "Modifying group g4" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-member-add-groupmod-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-groupmod-025.out" + rlAssertGrep "Description: Modified group" "$TmpDir/pki-kra-group-member-add-groupmod-025.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-kra-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g5description\" g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"g6description\" g5 > $TmpDir/pki-kra-group-member-add-group-add-026.out" \ + 0 \ + "Adding group g5" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-member-add-group-add-026.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-member-add-group-add-026.out" + rlAssertGrep "Description: g6description" "$TmpDir/pki-kra-group-member-add-group-add-026.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-kra-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-kra-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-kra-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add g5 u13 > $TmpDir/pki-kra-group-member-add-groupadd-026.out 2>&1" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-kra-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g5 > $TmpDir/pki-kra-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-find-026.out" + #run user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-membership-del u13 g5 > $TmpDir/pki-kra-group-member-add-user-membership-del-026.out" \ + 0 \ + "user-membership-del on u13" + rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-kra-group-member-add-user-membership-del-026.out" + #find group members + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find g5 > $TmpDir/pki-kra-group-member-add-group-member-find-026.out" \ + 0 \ + "Find member in group g5" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-group-member-find-026.out" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-kra-001: Deleting the temp directory and users and groups" + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u$i > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out" \ + 0 \ + "Deleting group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del userall > $TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del user1 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del us19 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out" \ + 0 \ + "Deleting user us19" + rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out" + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 2 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del testuser$i > $TmpDir/pki-group-member-add-kra-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-kra-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh index e8a4b73b1..b8dcb84d1 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh @@ -68,23 +68,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -351,14 +343,14 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-del-CA-015: Should not be able to group-member-del using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-member-del 'Administrators' user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-del 'Administrators' user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_adminUTCA cert" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-del-CA-016: Should not be able to group-member-del using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT user-membership-del \"Administrators\" user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT user-membership-del \"Administrators\" user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using CA_agentUTCA cert" @@ -560,7 +552,7 @@ local cert_info="$TmpDir/cert_info" #Create a user cert rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ - algo:rsa key_size:2048 subject_cn:\"Test User1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ certdb_nick:\"${prefix}_agentV\" cert_info:$cert_info" diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh new file mode 100755 index 000000000..906bffd49 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh @@ -0,0 +1,771 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-member-del-kra_tests(){ + #Available groups group-member-del + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-002: Delete group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-del-user-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-003: Delete group-member from all the groups that user is associated with" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-del-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" \ + 0 \ + "Check group members with group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-004: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del user1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-005: Missing required option <Member ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"Administrators\" user2 > $TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del Administrators" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-006: Should not be able to group-member-del using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-007: Should not be able to group-member-del using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-008: Should not be able to group-member-del using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert KRA_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-009: Should not be able to group-member-del using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert KRA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-010: Should not be able to group-member-del using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-011: Should not be able to group-member-del using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-012: Should not be able to group-member-del using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-013: Should not be able to group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del 'Administrators' user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using KRA_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-014: Should not be able to group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-015: Delete group-member for user id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='u10' u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='u10' 'u10'" \ + 0 \ + "Adding uid u10" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"dadministʁasjɔ̃\" 'u10'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-kra-group-member-del-groupadd-017_2.out" \ + 0 \ + "Adding user u10 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-kra-group-member-del-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-kra-group-member-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-016: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-kra-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-017: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu20\" u20 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-kra-group-member-del-user-del-020.out" \ + 0 \ + "Adding user u20" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-kra-group-member-del-user-del-020.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-group-member-del-user-del-020.out" + rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-kra-group-member-del-user-del-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"Administrators\" u20 > $TmpDir/pki-kra-group-member-add-groupadd-20_2.out" \ + 0 \ + "Adding user u20 to group \"Administrators\"" + rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-kra-group-member-add-groupadd-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u20 > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" \ + 0 \ + "Delete user u20" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" \ + 0 \ + "List members of Administrators group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-del-kra-018: User deleted from Administrators group cannnot create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-del-user-add-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-21_2.out" + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + rlLog "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='test_user' u9" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-kra-021_4.out" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-kra-021_4.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-kra-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-kra-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName=test_user u212" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-019: Delete group and check for user membership" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='Test User2' testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \ + 0 \ + "Adding uid testuser2 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-022_1.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" + rlAssertGrep "Description: New Group" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"group1\" testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"group1\" testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-022_2.out" \ + 0 \ + "Adding user testuser2 to group \"group1\"" + rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out" + rlAssertGrep "User: testuser2" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'group1' > $TmpDir/pki-kra-group-member-del-022_3.out" \ + 0 \ + "Delete group \"group1\"" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-kra-group-member-del-022_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-membership-find testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" \ + 0 \ + "Find user-membership of testuser2" + rlAssertNotGrep "Group: group1" "$TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-kra-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u$i > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del userall > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del user1 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del user2 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del user123 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del testuser1 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del testuser2 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" \ + 0 \ + "Deleted user testuser2" + rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" + + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh index 5127b6c59..e5009fa08 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh @@ -73,23 +73,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -482,7 +474,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-find-CA-020: Find group members with --size more than maximum possible value" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --size=$maximum_check" errmsg="NumberFormatException: For input string: \"$maximum_check\"" errorcode=255 @@ -490,7 +484,9 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-find-CA-021: Find group members with --start more than maximum possible value" - maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1` + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=$maximum_check" errmsg="NumberFormatException: For input string: \"$maximum_check\"" errorcode=255 @@ -555,14 +551,14 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-find-CA-029: Should not be able to group-member-find using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member-find-CA-030: Should not be able to group-member-find using role_user_UTCA cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-find group1 --start=0 --size=5" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_agentUTCA user cert" diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh new file mode 100755 index 000000000..f3d8f8a5d --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh @@ -0,0 +1,793 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-cli-group-member-find-kra CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-find-kra Find group members. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-member-find-kra_tests(){ + #Local variables + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find_kra-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + + rlPhaseStartTest "pki_group_cli_group_member-find_kra-001: Find kra-group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-find-user-find-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-find-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-002: Find kra-group-member when the same user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-find-user-find-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-003: Find kra-group-member when many users are added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"Test group\" group1 > $TmpDir/pki-kra-group-member-find-groupadd-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-kra-group-member-find-useradd-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlAssertGrep "User ID: user$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add group1 user$i > $TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 > $TmpDir/pki-kra-group-member-find-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-kra-group-member-find-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-004: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=5 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user9" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-005: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-006: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-007: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-008: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-009: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-010: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=1 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-011: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-012: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=100 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" 0 \ + "kra-group_member-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-013: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-014: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-015: Find group members with -t option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --size=5 > $TmpDir/pki-kra-group-member-find-018.out" \ + 0 \ + "Find group-member with -t kra option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-016: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-kra-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-017: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-018: Find group members with --start more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-019: Should not be able to group-member-find using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-020: Should not be able to group-member-find using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-021: Should not be able to group-member-find using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent KRA_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-022: Should not be able to group-member-find using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin KRA_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-023: Should not be able to group-member-find using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent KRA_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-024: Should not be able to group-member-find using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor KRA_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-025: Should not be able to group-member-find using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator KRA_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-026: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-027: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted KRA_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-028:Find group-member for group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='u9' u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName='u9' u9" \ + 0 \ + "Adding uid u9" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-kra-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-029: Find group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"Test group\" group2 > $TmpDir/pki-kra-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add group2 userid$i > $TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-find group2 > $TmpDir/pki-kra-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-kra-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 10 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del user$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del userid$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del userall > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" + + + #===Deleting groups created using KRA_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'group1' > $TmpDir/pki-user-del-kra-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-kra-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'group2' > $TmpDir/pki-user-del-kra-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-kra-group2.out" + + + #===Deleting i18n group created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh index f0b2c73de..3307144a6 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh @@ -65,23 +65,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -261,7 +253,7 @@ cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_member_show-CA-015: Should not be able to show group members using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-member-show $group1 u1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using CA_adminUTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh new file mode 100755 index 000000000..46a731676 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh @@ -0,0 +1,540 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-show-kra Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-member-show-kra_tests(){ + #local variables + group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartSetup "pki_group_cli_group_member_show_kra-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_kra_group_member_show-configtest: pki kra-group-member-show configuration test" + rlRun "pki kra-group-member-show --help > $TmpDir/pki_kra_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki kra-group-member-show" + rlAssertGrep "usage: kra-group-member-show <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show KRA groups #### + rlPhaseStartTest "pki_group_cli_group_member_show_kra-001: Add group to KRA using KRA_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group1 u1 > $TmpDir/pki_kra_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_kra_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_kra_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_member_show_kra-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group1 U1 > $TmpDir/pki-kra-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-kra-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show TEST_GROUP u1 > $TmpDir/pki-kra-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-kra-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-008: Should not be able to show group member using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-009: Should not be able to show group member using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-010: Should not be able to show group members using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-011: Should not be able to show group members using admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-012: Should not be able to show group members using KRA_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-013: Should not be able to show group members using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-014: Should not be able to show group members using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-015: Should not be able to show group members using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-016: Should not be able to show group members using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group1 u1" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group1 u1 > $TmpDir/pki-kra-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=test u3 > $TmpDir/pki-kra-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-kra-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-kra-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-018: Add group to KRA using KRA_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group2 u2 > $TmpDir/pki_kra_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_kra_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_kra_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra-019: Add group to KRA using KRA_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-member-show $group3 u4 > $TmpDir/pki_kra_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_kra_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_kra_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show_kra-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-member-show group1 user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_kra_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + user-del u$j > $TmpDir/pki-user-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh index f5009f5fa..2bc4d68f8 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh @@ -60,23 +60,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -166,7 +158,8 @@ rlPhaseStartTest "pki_group_cli_group_mod-CA-003:--description with characters a rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_mod-CA-004:--description with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ @@ -334,7 +327,7 @@ rlPhaseStartTest "pki_group_cli_group_mod-CA-003:--description with characters a ##### Tests to modify groups using role_user_UTCA user's certificate will be issued by an untrusted CA users##### rlPhaseStartTest "pki_group_cli_group_mod-CA-015: Should not be able to modify groups using a cert created from a untrusted CA CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-mod --description='$group1desc' $group1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh new file mode 100755 index 000000000..97c0bf2c8 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh @@ -0,0 +1,537 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli +# Description: PKI group-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-mod-kra Modify existing groups in the pki kra subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-mod-kra_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_group_cli_group_mod_kra-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +group1=kra_group +group1desc="Test kra group" +group2=abcdefghijklmnopqrstuvwxyx12345678 +group3=abc# +group4=abc$ +group5=abc@ +group6=abc? +group7=0 +group1_mod_description="Test kra agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + ##### Tests to modify KRA groups #### + rlPhaseStartTest "pki_group_cli_group_mod_kra-002: Modify a group's description in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_kra-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-kra-group-mod-004.out" \ + 0 \ + "Modified group using KRA_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-kra-group-mod-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-mod-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-group-mod-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$randsym\" g2 > $TmpDir/pki-kra-group-mod-005.out" \ + 0 \ + "Modified group using KRA_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-kra-group-mod-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-kra-group-mod-005.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-mod-005.out" + if [[ $actual_group_string = $expected_group_string ]] ; then + rlPass "$expected_group_string found" + else + rlFail "$expected_group_string not found" + fi + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-005:--description with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=$ g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=$ g3 > $TmpDir/pki-kra-group-mod-008.out" \ + 0 \ + "Modified group using CA_adminV with --description $ character" + rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-kra-group-mod-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-mod-008.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-mod-008.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-006: Modify a group to KRA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1desc\" g4" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-kra-group-mod-007.out" \ + 0 \ + "Modified group g4 to KRA" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-mod-007.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-mod-007.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-mod-007.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_kra-007: Modify a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-008: Should not be able to modify groups using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1_mod_description' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_kra-009: Should not be able to modify group using an agent or a revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-010: Should not be able to modify groups using a KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-011: Should not be able to modify group using a KRA_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-012: Should not be able to modify group using a KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using audit users##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-013: Should not be able to modify group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_group_cli_group_mod_kra-014: Should not be able to modify group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as KRA_operatorV" + rlPhaseEnd + +##### Tests to modify groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted KRA users##### + rlPhaseStartTest "pki_group_cli_group_mod_kra-015: Should not be able to modify groups using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_kra-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" + rlPhaseEnd + +##### Tests to modify KRA groups with empty parameters #### + + rlPhaseStartTest "pki_group_cli_group_mod_kra-017: Modify a user created group in KRA using KRA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" g5" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" g5" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" g5 > $TmpDir/pki-kra-group-mod-0017.out" 0 "Group modified successfully with empty description" + rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-kra-group-mod-0017.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-mod-0017.out" + rlPhaseEnd + + +##### Tests to modify KRA groups with the same value #### + + rlPhaseStartTest "pki_group_cli_group_mod_kra-018: Modify a group in KRA using KRA_adminV - description same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group1 > $TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-041_2.out" \ + 0 \ + "Modifying $group1 with same old description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_2.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_2.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_2.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify KRA groups having i18n chars in the description #### + +rlPhaseStartTest "pki_group_cli_group_mod_kra-019: Modify a groups's description having i18n chars in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$i18ngroupdescription\" $i18ngroup" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-kra-group-mod-043.out" \ + 0 \ + "Modified $i18ngroup description" + rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-kra-group-mod-043.out" + rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-kra-group-mod-043.out" + rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-kra-group-mod-043.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify system generated KRA groups #### + rlPhaseStartTest "pki_group_cli_group_mod_kra-021: Modify Administrator group's description in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-022.out" + admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-022.out| grep Description | cut -d- -f2) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-kra-group-mod-022.out" \ + 0 \ + "Modified Administrators group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-022.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-022.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-022.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_kra-022: Modify Administrators group in KRA using KRA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-023.out" + admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-023.out| grep Description | cut -d- -f2) + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" Administrators" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-mod --description=\"\" Administrators > $TmpDir/pki-kra-group-mod-023.out" 0 "Successfully modified Administrator group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-023.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-023.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + +#===Deleting groups===# +rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting role groups" + + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $i18ngroup > $TmpDir/pki-group-del-kra-i18ngroup-001.out" \ + 0 \ + "Deleted group $i18ngroup" + rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-kra-i18ngroup-001.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh index c0e5614e4..174bfca7e 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh @@ -68,23 +68,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi CA_HOST=$(eval echo \$${MYROLE}) @@ -131,7 +123,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_show-CA-002: maximum length of group id" - group2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -271,7 +263,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_show-CA-008: --description with maximum length" - desc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -300,7 +292,8 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_show-CA-009: --description with maximum length and symbols" - desc=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -523,7 +516,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_show-CA-024: Should not be able to show group using a cert created from a untrusted CA role_user_UTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT group-show g7" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $CA_HOST -p $CA_PORT group-show g7" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using CA_adminUTCA" @@ -559,7 +552,7 @@ local cert_info="$TmpDir/cert_info" rlPhaseEnd rlPhaseStartTest "pki_group_cli_group_show-CA-027: group id length exceeds maximum limit defined in the schema" - group_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1` + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-show '$group_length_exceed_max'" errmsg="ClientResponseFailure: ldap can't save, exceeds max length" errorcode=255 diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh new file mode 100755 index 000000000..792aae1c9 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh @@ -0,0 +1,712 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-show-kra Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-show-kra.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-show-kra_tests(){ + +rlPhaseStartSetup "pki_group_cli_group_show_kra-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + + ##### Tests to show KRA groups #### + rlPhaseStartTest "pki_group_cli_group_show_kra-001: Add group to KRA using KRA_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using KRA_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group1 > $TmpDir/pki-kra-group-show-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group2" \ + 0 \ + "Add group $group2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group2 > $TmpDir/pki-kra-group-show-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-kra-group-show-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-kra-group-show-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group3" \ + 0 \ + "Add group $group3 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group3 > $TmpDir/pki-kra-group-show-001_2.out" \ + 0 \ + "Show $group3 group" + rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-kra-group-show-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-show-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-004: Group id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group4" \ + 0 \ + "Add group $group4 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group4 > $TmpDir/pki-kra-group-show-001_3.out" \ + 0 \ + "Show $group4 group" + rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-kra-group-show-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-show-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-005: Group id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group5" \ + 0 \ + "Add $group5 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group5 > $TmpDir/pki-kra-group-show-001_4.out" \ + 0 \ + "Show $group5 group" + rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-kra-group-show-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-show-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-006: Group id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group6" \ + 0 \ + "Add $group6 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group6 > $TmpDir/pki-kra-group-show-001_5.out" \ + 0 \ + "Show $group6 group" + rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-kra-group-show-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-show-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-007: Group id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test $group7" \ + 0 \ + "Add group $group7 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show $group7 > $TmpDir/pki-kra-group-show-001_6.out" \ + 0 \ + "Show group $group7" + rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-kra-group-show-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-kra-group-show-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-008: --description with maximum length" + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='$desc' g1" \ + 0 \ + "Added group using KRA_adminV with maximum --description length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g1 > $TmpDir/pki-kra-group-show-001_7.out" \ + 0 \ + "Show group g1" + rlAssertGrep "Group \"g1\"" "$TmpDir/pki-kra-group-show-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-show-001_7.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-009: --description with maximum length and symbols" + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description='$desc' g2" \ + 0 \ + "Added group using CA_adminV with maximum --description length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g2 > $TmpDir/pki-kra-group-show-001_8.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-kra-group-show-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001_8.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-010: --description with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=# g3" \ + 0 \ + "Add group g3 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g3 > $TmpDir/pki-kra-group-show-001_9.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-001_9.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-001_9.out" + rlAssertGrep "Description: #" "$TmpDir/pki-kra-group-show-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-011: --description with * character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=* g4" \ + 0 \ + "Add group g4 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g4 > $TmpDir/pki-kra-group-show-001_10.out" \ + 0 \ + "Show group g4 using KRA_adminV" + rlAssertGrep "Group \"g4\"" "$TmpDir/pki-kra-group-show-001_10.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-show-001_10.out" + rlAssertGrep "Description: *" "$TmpDir/pki-kra-group-show-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-012: --description with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=$ g5" \ + 0 \ + "Add group g5 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g5 > $TmpDir/pki-kra-group-show-001_11.out" \ + 0 \ + "Show group g5 using KRA_adminV" + rlAssertGrep "Group \"g5\"" "$TmpDir/pki-kra-group-show-001_11.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-show-001_11.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-013: --description as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=0 g6" \ + 0 \ + "Add group g6 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g6 > $TmpDir/pki-kra-group-show-001_12.out" \ + 0 \ + "Show group g6 using KRA_adminV" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-kra-group-show-001_12.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-show-001_12.out" + rlAssertGrep "Description: 0" "$TmpDir/pki-kra-group-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-014: Show group with -t kra option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test g7" \ + 0 \ + "Adding group g7 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g7 > $TmpDir/pki-kra-group-show-001_32.out" \ + 0 \ + "Show group g7 using KRA_adminV" + rlAssertGrep "Group \"g7\"" "$TmpDir/pki-kra-group-show-001_32.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_32.out" + rlAssertGrep "Description: $test" "$TmpDir/pki-kra-group-show-001_32.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_show_kra-015: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-016: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show G7 > $TmpDir/pki-kra-group-show-001_35.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group \"G7\"" "$TmpDir/pki-kra-group-show-001_35.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_35.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show-017: Should not be able to show group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-018: Should not be able to show group using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-019: Should not be able to show group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-020: Should not be able to show group using admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-021: Should not be able to show group using KRA_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-022: Should not be able to show group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-023: Should not be able to show group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-024: Should not be able to show group using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-025: Should not be able to show group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show g7 > $TmpDir/pki-kra-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using KRA_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_kra-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-show 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-kra-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_kra: Deleting the temp directory and groups" + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g$i > $TmpDir/pki-kra-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-add.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-add.sh new file mode 100755 index 000000000..bed90c6d9 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-add.sh @@ -0,0 +1,582 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-add Add group to pki subsystems. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +#create-role-users.sh should be first executed prior to pki-kra-group-cli-kra-group-add.sh +######################################################################## + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-kra-group-cli-kra-group-add_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #### Create Temporary directory #### + + rlPhaseStartSetup "pki_kra_group_cli_kra_group_add-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + #### pki kra-group configuration test #### + + rlPhaseStartTest "pki_kra_group_cli-configtest: pki kra-group --help configuration test" + rlRun "pki kra-group --help > $TmpDir/pki_kra_group_cfg.out 2>&1" \ + 0 \ + "pki kra-group --help" + rlAssertGrep "kra-group-find Find groups" "$TmpDir/pki_kra_group_cfg.out" + rlAssertGrep "kra-group-show Show group" "$TmpDir/pki_kra_group_cfg.out" + rlAssertGrep "kra-group-add Add group" "$TmpDir/pki_kra_group_cfg.out" + rlAssertGrep "kra-group-mod Modify group" "$TmpDir/pki_kra_group_cfg.out" + rlAssertGrep "kra-group-del Remove group" "$TmpDir/pki_kra_group_cfg.out" + rlAssertGrep "kra-group-member Group member management commands" "$TmpDir/pki_kra_group_cfg.out" + rlAssertNotGrep "Error: Invalid module \"kra-group---help\"." "$TmpDir/pki_kra_group_cfg.out" + rlPhaseEnd + + #### pki kra-group-add configuration test #### + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-configtest: pki kra-group-add configuration test" + rlRun "pki kra-group-add --help > $TmpDir/pki_kra_group_add_cfg.out 2>&1" \ + 0 \ + "pki kra-group-add --help" + rlAssertGrep "usage: kra-group-add <Group ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_add_cfg.out" + rlAssertGrep "\--description <description> Description" "$TmpDir/pki_kra_group_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_add_cfg.out" + rlPhaseEnd + + ##### Tests to add KRA groups using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-001: Add a group to KRA using KRA_adminV" + group1=new_group1 + group_desc1="New Group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group_desc1\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-kra-group-add-001.out" \ + 0 \ + "Add group $group1 to KRA" + rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-kra-group-add-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-add-001.out" + rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-kra-group-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-002:maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \ + 0 \ + "Added group using CA_adminV with maximum group id length" + actual_groupid_string=`cat $TmpDir/pki-kra-group-add-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: Test Group" "$TmpDir/pki-kra-group-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-003:Group id with # character" + group3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description test $group3 > $TmpDir/pki-kra-group-add-001_2.out" \ + 0 \ + "Added group using KRA_adminV, group id with # character" + rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-kra-group-add-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-add-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-004:Group id with $ character" + group4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group4 > $TmpDir/pki-kra-group-add-001_3.out" \ + 0 \ + "Added group using KRA_adminV, group id with $ character" + rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-kra-group-add-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-add-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-005:Group id with @ character" + group5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group5 > $TmpDir/pki-kra-group-add-001_4.out " \ + 0 \ + "Added group using KRA_adminV, group id with @ character" + rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-kra-group-add-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-add-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-006:Group id with ? character" + group6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group6 > $TmpDir/pki-kra-group-add-001_5.out " \ + 0 \ + "Added group using KRA_adminV, group id with ? character" + rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-kra-group-add-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-add-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-007:Group id as 0" + group7=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group7 > $TmpDir/pki-kra-group-add-001_6.out " \ + 0 \ + "Added group using KRA_adminV, group id 0" + rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-kra-group-add-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-kra-group-add-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-008:--description with maximum length" + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-kra-group-add-001_7.out" \ + 0 \ + "Added group using KRA_adminV with maximum --description length" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-add-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-add-001_7.out" + rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-kra-group-add-001_7.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-009:--desccription with maximum length and symbols" + rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='$groupdesc' g2 > $TmpDir/pki-kra-group-add-001_8.out" \ + 0 \ + "Added group using CA_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-010: Add a duplicate group to CA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-011: Add a group to KRA with -t option" + desc="Test Group" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-add --description=\"$desc\" g3" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-add --description=\"$desc\" g3 > $TmpDir/pki-kra-group-add-0011.out" \ + 0 \ + "Add group g3 to CA" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-add-0011.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-add-0011.out" + rlAssertGrep "Description: $desc" "$TmpDir/pki-kra-group-add-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-012: Add a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$group1'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-013: Add a group -- missing required option --description" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add g7" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add g7 > $TmpDir/pki-kra-group-add-0013.out" 0 "Successfully added group without description option" + rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-kra-group-add-0013.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-add-0013.out" + rlPhaseEnd + + + ##### Tests to add groups using revoked cert##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-014: Should not be able to add group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-015: Should not be able to add group using a agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + + ##### Tests to add groups using an agent user##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-016: Should not be able to add group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert KRA_agentV" + rlPhaseEnd + + + ##### Tests to add groups using expired cert##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-017: Should not be able to add group using admin user with expired cert KRA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert KRA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-018: Should not be able to add group using KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert KRA_agentE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to add groups using audit users##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-019: Should not be able to add group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert KRA_auditorV" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Tests to add groups using operator user### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-020: Should not be able to add group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_operatorV" + rlPhaseEnd + + + ##### Tests to add groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-021: Should not be able to add group using a cert created from a untrusted CA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-022: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-add --description=test '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-023: description with i18n characters" + rlLog "kra-group-add description Örjan Äke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Örjan Äke' g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Örjan Äke' g4 > $TmpDir/pki-kra-group-add-001_51.out 2>&1" \ + 0 \ + "Adding g4 with description Örjan Äke" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-add-001_51.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-add-001_51.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-add-001_51.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-024: description with i18n characters" + rlLog "kra-group-add description Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Éric Têko' g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Éric Têko' g5 > $TmpDir/pki-kra-group-add-001_52.out 2>&1" \ + 0 \ + "Adding g5 with description Éric Têko" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-add-001_52.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-add-001_52.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-025: description with i18n characters" + rlLog "kra-group-add description éénentwintig dvidešimt with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='éénentwintig dvidešimt' g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-kra-group-add-001_53.out 2>&1" \ + 0 \ + "Adding description éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-kra-group-add-001_53.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-add-001_53.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g6 > $TmpDir/pki-kra-group-add-001_53_2.out 2>&1" \ + 0 \ + "Show group g6 with description éénentwintig dvidešimt in i18n characters" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-kra-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-kra-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_add-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-kra-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-add-001_57.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_kra_group_cli_kra_group_cleanup: Deleting groups" + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i > $TmpDir/pki-kra-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del '$grp' > $TmpDir/pki-kra-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-kra-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-kra-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÖrjanÄke' > $TmpDir/pki-kra-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÉricTêko' > $TmpDir/pki-kra-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-kra-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-del.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-del.sh new file mode 100755 index 000000000..b7d14adfc --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-del.sh @@ -0,0 +1,614 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-del Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-kra-group-cli-kra-group-del_tests(){ + + rlPhaseStartSetup "pki_kra_group_cli_kra_group_del-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-configtest-001: pki kra-group-del --help configuration test" + rlRun "pki kra-group-del --help > $TmpDir/kra_group_del.out 2>&1" 0 "pki kra-group-del --help" + rlAssertGrep "usage: kra-group-del <Group ID>" "$TmpDir/kra_group_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/kra_group_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-configtest-002: pki kra-group-del configuration test" + rlRun "pki kra-group-del > $TmpDir/kra_group_del_2.out 2>&1" 255 "pki kra-group-del" + rlAssertGrep "usage: kra-group-del <Group ID>" "$TmpDir/kra_group_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/kra_group_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/kra_group_del_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-003: Delete valid groups" + group1=kra_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to KRA using KRA_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i > $TmpDir/pki-kra-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to KRA using KRA_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del $grp > $TmpDir/pki-kra-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-kra-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-004: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del GROUP_ABC > $TmpDir/pki-kra-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-kra-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-005: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-006: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test \"$group2\" > $TmpDir/pki-kra-group-add-001_1.out" \ + 0 \ + "Added group using KRA_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del \"$group2\" > $TmpDir/pki-kra-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using KRA_adminV" + actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-007: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test '$groupid' > $TmpDir/pki-kra-group-add-001_8.out" \ + 0 \ + "Added group using KRA_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del '$groupid' > $TmpDir/pki-kra-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using KRA_adminV" + actual_groupid_string=`cat $TmpDir/pki-kra-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show '$groupid' > $TmpDir/pki-kra-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-kra-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-008: Delete group from KRA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-add-009.out" \ + 0 \ + "Add group g1 to KRA" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + group-del g1 > $TmpDir/pki-kra-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t kra option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-kra-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-009: Should not be able to delete group using a revoked cert KRA_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-kra-010.out" \ + 0 \ + "Add group g2 to KRA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g2 > $TmpDir/pki-kra-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-show-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-010: Should not be able to delete group using a agent with revoked cert KRA_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-kra-010.out" \ + 0 \ + "Add group g3 to KRA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-kra-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-002.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-011: Should not be able to delete group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-kra-group-show-003.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-003.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-003.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-show-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-012: Should not be able to delete group using a admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-004.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-004.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-004.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-013: Should not be able to delete a group using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-005.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-005.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-005.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-014: Should not be able to delete group using a CA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-006.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-015: Should not be able to delete group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-016: Should not be able to delete group using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-017: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_del_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g3 > $TmpDir/pki-kra-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-group-show-kra-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-kra-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-kra-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-kra-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g3 > $TmpDir/pki-group-del-kra-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-018: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-kra-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-kra-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-kra-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del-019: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show 'ÉricTêko' > $TmpDir/pki-group-add-kra-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-kra-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-kra-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-001_20_3.out 2>&1" \ + 0 \ + "Delete gid ÉricTêko with i18n characters" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-001_20_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show 'ÉricTêko'" + errmsg="GroupNotFoundException: Group ÉricTêko not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_del_cleanup-004: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-find.sh new file mode 100755 index 000000000..2d7439818 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-find.sh @@ -0,0 +1,626 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-find To list groups in KRA. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-kra-group-cli-kra-group-find_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_kra_group_cli_kra_group_find-startup: Create temporary directory and add groups" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-configtest-001: pki kra-group-find --help configuration test" + rlRun "pki kra-group-find --help > $TmpDir/kra_group_find.out 2>&1" 0 "pki kra-group-find --help" + rlAssertGrep "usage: kra-group-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/kra_group_find.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/kra_group_find.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/kra_group_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/kra_group_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-configtest-002: pki kra-group-find configuration test" + command="pki kra-group-find" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-group-find" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=5 > $TmpDir/pki-kra-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=0 > $TmpDir/pki-kra-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-005: Find all groups, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=$large_num > $TmpDir/pki-kra-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-kra-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=$maximum_check > $TmpDir/pki-kra-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-kra-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find > $TmpDir/pki-kra-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_10=`cat $TmpDir/pki-kra-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=10 > $TmpDir/pki-kra-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-kra-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=10000 > $TmpDir/pki-kra-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=$maximum_check > $TmpDir/pki-kra-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=0 > $TmpDir/pki-kra-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find > $TmpDir/pki-kra-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_12=`cat $TmpDir/pki-kra-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=12 --size=12 > $TmpDir/pki-kra-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-kra-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-kra-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find > $TmpDir/pki-kra-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in KRA" + group_entry_12=`cat $TmpDir/pki-kra-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=12 --size=0 > $TmpDir/pki-kra-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-021: Should not be able to find group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-022: Should not be able to find groups using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-023: Should not be able to find groups using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-024: Should not be able to find groups using admin user with expired cert KRA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-025: Should not be able to find groups using KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-026: Should not be able to find groups using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-027: Should not be able to find groups using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-028: Should not be able to find groups using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_find_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --start=1 --size=5 > $TmpDir/pki-kra-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-find-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-kra-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=1000 > $TmpDir/pki-kra-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-kra-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find --size=1000 > $TmpDir/pki-kra-group-show-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-kra-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find Administrator > $TmpDir/pki-kra-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-033: find group - filter 'KRA'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find KRA" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-find KRA > $TmpDir/pki-kra-group-show-034.out" \ + 0 \ + "Find group with Keyword KRA" + rlAssertGrep "Group ID: Enterprise KRA Administrators" "$TmpDir/pki-kra-group-show-034.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_find-034: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-find CA" + errmsg="BadRequestException: Filter is too short." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-group-find should fail if the filter has less than 3 characters" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_group_cleanup-001: Deleting groups" + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out" + let i=$i+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-add.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-add.sh new file mode 100755 index 000000000..fc2bfd924 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-add.sh @@ -0,0 +1,1039 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-cli-kra-group-membership-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-member-add Add group member. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-kra-group-cli-kra-group-member-add.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-kra-group-cli-kra-group-member-add_tests(){ + #Local variables + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartSetup "pki_kra_group_cli_kra_group_membership-add-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-002: pki kra-group-member configuration test" + rlRun "pki kra-group-member > $TmpDir/pki_kra_group_member_cfg.out 2>&1" \ + 0 \ + "pki kra-group-member" + rlAssertGrep "Commands:" "$TmpDir/pki_kra_group_member_cfg.out" + rlAssertGrep "kra-group-member-find Find group members" "$TmpDir/pki_kra_group_member_cfg.out" + rlAssertGrep "kra-group-member-add Add group member" "$TmpDir/pki_kra_group_member_cfg.out" + rlAssertGrep "kra-group-member-del Remove group member" "$TmpDir/pki_kra_group_member_cfg.out" + rlAssertGrep "kra-group-member-show Show group member" "$TmpDir/pki_kra_group_member_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-003: pki kra-group-member-add --help configuration test" + rlRun "pki kra-group-member-add --help > $TmpDir/pki_kra_group_member_add_cfg.out 2>&1" \ + 0 \ + "pki kra-group-member-add --help" + rlAssertGrep "usage: kra-group-member-add <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_add_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-004: pki kra-group-member-add configuration test" + rlRun "pki kra-group-member-add > $TmpDir/pki_kra_group_member_add_2_cfg.out 2>&1" \ + 255 \ + "pki kra-group-member-add" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_kra_group_member_add_2_cfg.out" + rlAssertGrep "usage: kra-group-member-add <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-005: Add users to available groups using valid admin user KRA_adminV" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-add-group-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-add-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-show u$i > $TmpDir/pki-kra-group-member-add-group-show-00$i.out" \ + 0 \ + "Show pki CA_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-add-group-show-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-add-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-add-groupadd-find-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-006: Add a user to all available groups using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-add-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-add-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-show userall > $TmpDir/pki-kra-group-member-add-user-show-userall-001.out" \ + 0 \ + "Show pki CA_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-add-user-show-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-add-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-007: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-add-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-add-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-show user1 > $TmpDir/pki-kra-group-member-add-user-show-user1-001.out" \ + 0 \ + "Show pki KRA_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-add-user-show-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"Administrators\" user1 > $TmpDir/pki-kra-group-member-add-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-add-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" user1" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-add-user-add-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"$dummy_group\" testuser1" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-009: Should be able to kra-group-member-add groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=u14 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='u14' u14" \ + 0 \ + "Adding uid u14" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-kra-group-member-add-groupadd-010_2.out" \ + 0 \ + "Adding user u14 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out" + rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out" \ + 0 \ + "Check user u14 added to group dadministʁasjɔ̃" + rlAssertGrep "User: u14" "$TmpDir/pki-kra-group-member-add-groupadd-find-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-010: Should not be able to kra-group-member-add using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-011: Should not be able to kra-group-member-add using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using an agent with revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-012: Should not be able to kra-group-member-add using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using admin user with expired cert CA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-013: Should not be able to kra-group-member-add using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using KRA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-014: Should not be able to kra-group-member-add using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using KRA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-015: Should not be able to kra-group-member-add using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using KRA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-016: Should not be able to kra-group-member-add using KRA_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using KRA_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-017: Should not be able to kra-group-member-add using KRA_agentUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using KRA_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-018: User associated with Administrators group only can create a new user" + i=2 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding testuser1 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" \ + 0 \ + "Adding user testuser1 to group \"$gid\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-testuser1-00$i.out" + fi + let i=$i+1 + done + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user testuser1" + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT kra-user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "kra-user-add operation should fail when authenticating using a user cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + + #Add testuser1 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out 2>&1" \ + 0 \ + "Adding user testuser1 to group \"$groupid4\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find $groupid4 > $TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out" \ + 0 \ + "Check group-member for user testuser1" + rlAssertGrep "User: testuser1" "$TmpDir/pki-kra-group-member-add-groupadd-find-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=test_user us19 > $TmpDir/pki-kra-user-add-019_4.out" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-kra-user-add-019_4.out" + rlAssertGrep "User ID: us19" "$TmpDir/pki-kra-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-kra-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-019: Should not be able to kra-group-member-add using KRA_agentV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-add using KRA_agentV cert" + rlPhaseEnd + + #Usability test + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-020: Should not be able to add a non existing user to a group" + user="tuser3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-add \"$groupid6\" $user" + errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-021: Add a group and add a user to the group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g1description\" g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g1description\" g1 > $TmpDir/pki-kra-group-member-add-group-add-022.out" \ + 0 \ + "Adding group g1" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-kra-group-member-add-group-add-022.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-member-add-group-add-022.out" + rlAssertGrep "Description: g1description" "$TmpDir/pki-kra-group-member-add-group-add-022.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu9\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-kra-group-member-add-user-add-022.out" \ + 0 \ + "Adding user u9" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-kra-group-member-add-user-add-022.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-group-member-add-user-add-022.out" + rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-kra-group-member-add-user-add-022.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g1 u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g1 u9 > $TmpDir/pki-kra-group-member-add-groupadd-022.out" \ + 0 \ + "Adding user u9 to group g1" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-add-groupadd-022.out" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-022.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find g1 > $TmpDir/pki-kra-group-member-add-groupadd-find-022.out" \ + 0 \ + "User added to group g1" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-add-groupadd-find-022.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-022: Add two group and add a user to the two different group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g2description\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g2description\" g2 > $TmpDir/pki-kra-group-member-add-group-add-023.out" \ + 0 \ + "Adding group g2" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-kra-group-member-add-group-add-023.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-member-add-group-add-023.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-kra-group-member-add-group-add-023.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g3description\" g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g3description\" g3 > $TmpDir/pki-kra-group-member-add-group-add-023_1.out" \ + 0 \ + "Adding group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-kra-group-member-add-group-add-023_1.out" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu10\" u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-kra-group-member-add-user-add-023.out" \ + 0 \ + "Adding user u10" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-kra-group-member-add-user-add-023.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-group-member-add-user-add-023.out" + rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-kra-group-member-add-user-add-023.out" + rlLog "Adding the user u10 to group g2" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g2 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g2 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023.out" \ + 0 \ + "Adding user u10 to group g2" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023.out" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find g2 > $TmpDir/pki-kra-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g3 u10 > $TmpDir/pki-kra-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find g3 > $TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-023: Add a group, add a user to the group and delete the group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g4description\" gr4 > $TmpDir/pki-kra-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-kra-group-member-add-group-add-024.out" + rlAssertGrep "Group ID: gr4" "$TmpDir/pki-kra-group-member-add-group-add-024.out" + rlAssertGrep "Description: g4description" "$TmpDir/pki-kra-group-member-add-group-add-024.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu11\" u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-kra-group-member-add-user-add-024.out" \ + 0 \ + "Adding user u11" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-kra-group-member-add-user-add-024.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-group-member-add-user-add-024.out" + rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-kra-group-member-add-user-add-024.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add gr4 u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add gr4 u11 > $TmpDir/pki-kra-group-member-add-groupadd-024.out" \ + 0 \ + "Adding user u11 to group gr4" + rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-kra-group-member-add-groupadd-024.out" + rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-024.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find gr4 > $TmpDir/pki-kra-group-member-add-groupadd-find-024.out" \ + 0 \ + "User added to group gr4" + rlAssertGrep "User: u11" "$TmpDir/pki-kra-group-member-add-groupadd-find-024.out" + #Deleting group gr4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del gr4 > $TmpDir/pki-kra-group-member-add-groupdel-024.out" \ + 0 \ + "Deleting group gr4" + rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-kra-group-member-add-groupdel-024.out" + #Checking for user-membership + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-membership-find u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-membership-find u11 > $TmpDir/pki-kra-group-member-add-usermembership-024.out" \ + 0 \ + "Checking for user membership of u11" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-usermembership-024.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-024: Add a group, add a user to the group and modify the group using valid admin user KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g5description\" g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g5description\" g4 > $TmpDir/pki-kra-group-member-add-group-add-025.out" \ + 0 \ + "Adding group g4" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-kra-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-kra-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-kra-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g4 u12 > $TmpDir/pki-kra-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-kra-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find g4 > $TmpDir/pki-kra-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-kra-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod g4 --decription=\"Modified group\"" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod g4 --description=\"Modified group\" > $TmpDir/pki-kra-group-member-add-groupmod-025.out" \ + 0 \ + "Modifying group g4" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-member-add-groupmod-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-member-add-groupmod-025.out" + rlAssertGrep "Description: Modified group" "$TmpDir/pki-kra-group-member-add-groupmod-025.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-025: Add a group, add a user to the group, run kra-user-membership-del on the user and run kra-group-member-find using valid admin user CA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g5description\" g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"g6description\" g5 > $TmpDir/pki-kra-group-member-add-group-add-026.out" \ + 0 \ + "Adding group g5" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-kra-group-member-add-group-add-026.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-member-add-group-add-026.out" + rlAssertGrep "Description: g6description" "$TmpDir/pki-kra-group-member-add-group-add-026.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-kra-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-kra-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-kra-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add g5 u13 > $TmpDir/pki-kra-group-member-add-groupadd-026.out" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-kra-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find g5 > $TmpDir/pki-kra-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-kra-group-member-add-groupadd-find-026.out" + #run user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-membership-del u13 g5 > $TmpDir/pki-kra-group-member-add-user-membership-del-026.out" \ + 0 \ + "user-membership-del on u13" + rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-kra-group-member-add-user-membership-del-026.out" + #find group members + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find g5 > $TmpDir/pki-kra-group-member-add-group-member-find-026.out" \ + 0 \ + "Find member in group g5" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-add-group-member-find-026.out" + rlPhaseEnd + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-add-cleanup-001: Deleting the temp directory and users and groups" + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del u$i > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i > $TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out" \ + 0 \ + "Deleting group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-kra-group-member-add-group-del-kra-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del userall > $TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-kra-group-member-add-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del user1 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del us19 > $TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out" \ + 0 \ + "Deleting user us19" + rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-kra-group-member-add-user-del-kra-u13-001.out" + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 2 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del testuser$i > $TmpDir/pki-group-member-add-kra-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-kra-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-del.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-del.sh new file mode 100755 index 000000000..737b7c94c --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-del.sh @@ -0,0 +1,737 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-member-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-kra-group-cli-kra-group-member-del.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-kra-group-cli-kra-group-member-del_tests(){ + #Available groups kra-group-member-del + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-002: pki kra-group-member-del --help configuration test" + rlRun "pki kra-group-member-del --help > $TmpDir/pki_kra_group_member_del_cfg.out 2>&1" \ + 0 \ + "pki kra-group-member-del --help" + rlAssertGrep "usage: kra-group-member-del <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-003: pki kra-group-member-del configuration test" + rlRun "pki kra-group-member-del > $TmpDir/pki_kra_group_member_del_2_cfg.out 2>&1" \ + 255 \ + "pki kra-group-member-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_kra_group_member_del_2_cfg.out" + rlAssertGrep "usage: kra-group-member-del <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-004: Delete kra-group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-del-user-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-del-user-add-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-del-groupadd-find-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-del \"$gid\" u$i > $TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-005: Delete kra-group-member from all the groups that user is associated with" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-del-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-del-user-add-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" \ + 0 \ + "Check group members with group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-del-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-del \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-del \"$gid\" userall > $TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-kra-group-member-del-groupadd-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"Administrators\" user1 > $TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del user1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete kra-group-member without specifying group ID" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-007: Missing required option <Member ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-kra-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-kra-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"Administrators\" user2 > $TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-kra-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del Administrators" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete kra-group-member without specifying member ID" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-008: Should not be able to kra-group-member-del using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-009: Should not be able to kra-group-member-del using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete kra-group-member using a revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-010: Should not be able to kra-group-member-del using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert KRA_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-011: Should not be able to kra-group-member-del using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-del using admin user with expired cert KRA_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-012: Should not be able to kra-group-member-del using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-del using KRA_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-013: Should not be able to kra-group-member-del using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-del using KRA_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-014: Should not be able to kra-group-member-del using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-del using KRA_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-015: Should not be able to kra-group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del 'Administrators' user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-del using KRA_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-016: Should not be able to kra-group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to kra-group-member-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-017: Delete kra-group-member for user id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='u10' u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='u10' 'u10'" \ + 0 \ + "Adding uid u10" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-del-groupadd-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"dadministʁasjɔ̃\" 'u10'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-kra-group-member-del-groupadd-017_2.out" \ + 0 \ + "Adding user u10 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out" + rlAssertGrep "User: u10" "$TmpDir/pki-kra-group-member-del-groupadd-017_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-kra-group-member-del-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-kra-group-member-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-kra-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-018: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-kra-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-kra-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete kra-group-member when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-019: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu20\" u20 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-kra-group-member-del-user-del-020.out" \ + 0 \ + "Adding user u20" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-kra-group-member-del-user-del-020.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-kra-group-member-del-user-del-020.out" + rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-kra-group-member-del-user-del-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"Administrators\" u20 > $TmpDir/pki-kra-group-member-add-groupadd-20_2.out" \ + 0 \ + "Adding user u20 to group \"Administrators\"" + rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-kra-group-member-add-groupadd-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del u20 > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" \ + 0 \ + "Delete user u20" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find Administrators > $TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" \ + 0 \ + "List members of Administrators group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-kra-group-member-find-user-del-20_7.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-020: User deleted from Administrators group cannot create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-kra-group-member-del-user-add-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-add-groupadd-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-kra-group-member-add-groupadd-21_2.out" + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.out -t "u,u,u"" + + #Add certificate to the user + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add testuser1 --input $TmpDir/pki_kra_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + rlLog "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='test_user' u9" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-kra-021_4.out" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-kra-021_4.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-kra-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-kra-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-del \"Administrators\" testuser1 > $TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-kra-group-member-del-groupdel-del-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT kra-user-add --fullName=test_user u212" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-022: Delete group and check for user membership" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='Test User2' testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \ + 0 \ + "Adding uid testuser2 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-kra-group-member-del-groupadd-022_1.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" + rlAssertGrep "Description: New Group" "$TmpDir/pki-kra-group-member-del-groupadd-022_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"group1\" testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"group1\" testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-022_2.out" \ + 0 \ + "Adding user testuser2 to group \"group1\"" + rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out" + rlAssertGrep "User: testuser2" "$TmpDir/pki-kra-group-member-del-groupadd-022_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'group1' > $TmpDir/pki-kra-group-member-del-022_3.out" \ + 0 \ + "Delete group \"group1\"" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-kra-group-member-del-022_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-membership-find testuser2 > $TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" \ + 0 \ + "Find user-membership of testuser2" + rlAssertNotGrep "Group: group1" "$TmpDir/pki-kra-group-member-del-groupadd-find-022_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-del-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del u$i > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del userall > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del user1 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del user2 > $TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-kra-group-member-del-user-del-kra-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del user123 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del testuser1 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del testuser2 > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" \ + 0 \ + "Deleted user testuser2" + rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-testuser2.out" + + + #===Deleting i18n group created using CA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-find.sh new file mode 100755 index 000000000..c95a1f5e6 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-find.sh @@ -0,0 +1,774 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-cli-kra-group-member-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-member-find Find group members. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-kra-group-cli-kra-group-member-find.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-kra-group-cli-kra-group-member-find_tests(){ + #Local variables + #Available groups kra-group-find + groupid1="Data Recovery Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise KRA Administrators" + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-002: pki kra-group-member-find --help configuration test" + rlRun "pki kra-group-member-find --help > $TmpDir/pki_kra_group_member_find_cfg.out 2>&1" \ + 0 \ + "pki kra-group-member-find --help" + rlAssertGrep "usage: kra-group-member-find <Group ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_find_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_kra_group_member_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_kra_group_member_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-003: pki kra-group-member-find configuration test" + rlRun "pki kra-group-member-find > $TmpDir/pki_kra_group_member_find_2_cfg.out 2>&1" \ + 255 \ + "pki kra-group-member-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_kra_group_member_find_2_cfg.out" + rlAssertGrep "usage: kra-group-member-find <Group ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_kra_group_member_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_kra_group_member_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-004: Find kra-group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-kra-group-member-find-user-find-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-kra-group-member-find-user-find-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" u$i > $TmpDir/pki-kra-group-member-find-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-kra-group-member-find-groupadd-find-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-005: Find kra-group-member when the same user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-kra-group-member-find-user-find-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-kra-group-member-find-user-find-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"$gid\" userall > $TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"$gid\" > $TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-kra-group-member-find-groupadd-find-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-006: Find kra-group-member when many users are added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"Test group\" group1 > $TmpDir/pki-kra-group-member-find-groupadd-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-kra-group-member-find-useradd-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlAssertGrep "User ID: user$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-useradd-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add group1 user$i > $TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 > $TmpDir/pki-kra-group-member-find-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-kra-group-member-find-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-kra-group-member-find-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-007: Find kra-group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --start=5 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user9" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-008: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --start=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-009: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRa_HOST -p $KRA_PORT kra-group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-010: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --start=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-011: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-012: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --size=0 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" 0 \ + "kra-group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-013: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --size=1 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" 0 \ + "kra-group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-014: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --size=15 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" 0 \ + "kra-group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-015: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --size=100 > $TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" 0 \ + "kra-group_member-find with size parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-kra-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-016: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "kra-group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-017: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-018: Find group members with -t kra option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-member-find group1 --size=5 > $TmpDir/pki-kra-group-member-find-018.out" \ + 0 \ + "Find kra-group-member with -t kra option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-019: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group1 --start=6 --size=5 > $TmpDir/pki-kra-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-kra-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-kra-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-kra-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-020: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-021: Find group members with --start more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-022: Should not be able to kra-group-member-find using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert KRA_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-023: Should not be able to group-member-find using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-group-member using an agent with revoked cert KRA_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-024: Should not be able to kra-group-member-find using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent KRA_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-025: Should not be able to kra-group-member-find using admin user with expired cert KRA_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-group-member using a expired admin CA_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-026: Should not be able to kra-group-member-find using KRA_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent KRA_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-027: Should not be able to kra-group-member-find using KRA_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor KRA_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-028: Should not be able to kra-group-member-find using KRA_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator KRA_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-029: Should not be able to kra-group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find kra-group-member using a untrusted CA_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-030: Should not be able to kra-group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted KRA_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-031:Find group-member for group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='u9' u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName='u9' u9" \ + 0 \ + "Adding uid u9" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-kra-group-member-add-groupadd-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-kra-group-member-add-groupadd-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-kra-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-kra-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-032: Find kra-group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"Test group\" group2 > $TmpDir/pki-kra-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-kra-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-kra-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add group2 userid$i > $TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-find group2 > $TmpDir/pki-kra-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-kra-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-kra-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-kra-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member-find-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using KRA_adminV cert===# + i=1 + while [ $i -lt 10 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del u$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del user$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del userid$i > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del userall > $TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-group-member-find-user-del-kra-userall.out" + + + #===Deleting groups created using KRA_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'group1' > $TmpDir/pki-user-del-kra-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-kra-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'group2' > $TmpDir/pki-user-del-kra-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-kra-group2.out" + + + #===Deleting i18n group created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-show.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-show.sh new file mode 100755 index 000000000..d4fbd113e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-show.sh @@ -0,0 +1,508 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-member-show Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-kra-group-cli-kra-group-member-show.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-kra-group-cli-kra-group-member-show_tests(){ + #local variables + group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartSetup "pki_kra_group_cli_kra_group_member_show-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_kra_group_member_show-configtest: pki kra-group-member-show configuration test" + rlRun "pki kra-group-member-show --help > $TmpDir/pki_kra_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki kra-group-member-show" + rlAssertGrep "usage: kra-group-member-show <Group ID> <Member ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show KRA groups #### + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-001: Add group to KRA using KRA_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group1 u1 > $TmpDir/pki_kra_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_kra_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_kra_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group1 U1 > $TmpDir/pki-kra-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-kra-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show TEST_GROUP u1 > $TmpDir/pki-kra-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-kra-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-kra-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-008: Should not be able to show group member using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-009: Should not be able to show group member using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-010: Should not be able to show group members using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-011: Should not be able to show group members using admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-012: Should not be able to show group members using KRA_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-013: Should not be able to show group members using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-014: Should not be able to show group members using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-015: Should not be able to show group members using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-016: Should not be able to show group members using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_kra_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group1 u1" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group1 u1 > $TmpDir/pki-kra-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=test u3 > $TmpDir/pki-kra-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-kra-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-kra-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-kra-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-018: Add group to KRA using KRA_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group2 u2 > $TmpDir/pki_kra_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_kra_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_kra_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-019: Add group to KRA using KRA_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using KRA_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-member-show $group3 u4 > $TmpDir/pki_kra_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_kra_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_kra_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-member-show group1 user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_member_show_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del u$j > $TmpDir/pki-user-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-mod.sh new file mode 100755 index 000000000..14ee03e76 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-mod.sh @@ -0,0 +1,523 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-mod Modify existing groups in the pki kra subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-kra-group-cli-kra-group-mod.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-kra-group-cli-kra-group-mod_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 + +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_kra_group_cli_kra_group_mod-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +group1=kra_group +group1desc="Test kra group" +group2=abcdefghijklmnopqrstuvwxyx12345678 +group3=abc# +group4=abc$ +group5=abc@ +group6=abc? +group7=0 +group1_mod_description="Test kra agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + ##### pki_kra_group_cli_kra_group_mod-configtest #### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-configtest-001: pki kra-group-mod configuration test" + rlRun "pki kra-group-mod --help > $TmpDir/pki_kra_group_mod_cfg.out 2>&1" \ + 0 \ + "Group modification configuration" + rlAssertGrep "usage: kra-group-mod <Group ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_mod_cfg.out" + rlAssertGrep "\--description <description> Description" "$TmpDir/pki_kra_group_mod_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_mod_cfg.out" + rlPhaseEnd + + + ##### Tests to modify KRA groups #### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-002: Modify a group's description in CA using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + +rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test g1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-kra-group-mod-004.out" \ + 0 \ + "Modified group using KRA_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-kra-group-mod-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-mod-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-group-mod-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$randsym\" g2 > $TmpDir/pki-kra-group-mod-005.out" \ + 0 \ + "Modified group using KRA_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-kra-group-mod-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-kra-group-mod-005.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-mod-005.out" + if [[ $actual_group_string = $expected_group_string ]] ; then + rlPass "$expected_group_string found" + else + rlFail "$expected_group_string not found" + fi + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-005:--description with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test g3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=$ g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=$ g3 > $TmpDir/pki-kra-group-mod-008.out" \ + 0 \ + "Modified group using CA_adminV with --description $ character" + rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-kra-group-mod-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-mod-008.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-mod-008.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-006: Modify a group to KRA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test g4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-mod --description=\"$group1desc\" g4" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-kra-group-mod-007.out" \ + 0 \ + "Modified group g4 to CA" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-kra-group-mod-007.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-mod-007.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-mod-007.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-007: Modify a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-008: Should not be able to modify groups using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1_mod_description' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-009: Should not be able to modify group using an agent or a revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-010: Should not be able to modify groups using a KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-011: Should not be able to modify group using a KRA_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-012: Should not be able to modify group using a KRA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using audit users##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-013: Should not be able to modify group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-014: Should not be able to modify group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as KRA_operatorV" + rlPhaseEnd + +##### Tests to modify groups using KRA_adminUTCA and KRA_agentUTCA user's certificate will be issued by an untrusted KRA users##### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-015: Should not be able to modify groups using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" + rlPhaseEnd + +##### Tests to modify KRA groups with empty parameters #### + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-017: Modify a user created group in KRA using KRA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group1desc\" g5" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description=\"\" g5" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description=\"\" g5 > $TmpDir/pki-kra-group-mod-0017.out" 0 "Group modified successfully with empty description" + rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-kra-group-mod-0017.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-mod-0017.out" + rlPhaseEnd + + +##### Tests to modify KRA groups with the same value #### + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-018: Modify a group in KRA using KRA_adminV - description same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group1 > $TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_1.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-kra-group-mod-041_2.out" \ + 0 \ + "Modifying $group1 with same old description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-kra-group-mod-041_2.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-mod-041_2.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-041_2.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify KRA groups having i18n chars in the description #### + +rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-019: Modify a groups's description having i18n chars in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$i18ngroupdescription\" $i18ngroup" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-kra-group-mod-043.out" \ + 0 \ + "Modified $i18ngroup description" + rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-kra-group-mod-043.out" + rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-kra-group-mod-043.out" + rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-kra-group-mod-043.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify system generated KRA groups #### + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-021: Modify Administrator group's description in KRA using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-022.out" + admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-022.out| grep Description | cut -d- -f2) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$group1_mod_description\" Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-kra-group-mod-022.out" \ + 0 \ + "Modified Administrators group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-022.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-022.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-kra-group-mod-022.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$admin_group_desc\" Administrators" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_mod-022: Modify Administrators group in KRA using KRA_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show Administrators > $TmpDir/pki-kra-group-mod-group-show-023.out" + admin_group_desc=$(cat $TmpDir/pki-kra-group-mod-group-show-023.out| grep Description | cut -d- -f2) + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description=\"\" Administrators" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-mod --description=\"\" Administrators > $TmpDir/pki-kra-group-mod-023.out" 0 "Successfully modified Administrator group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-kra-group-mod-023.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-kra-group-mod-023.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-mod --description=\"$admin_group_desc\" Administrators" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + +#===Deleting groups===# +rlPhaseStartTest "pki_kra_group_cli_group_cleanup: Deleting role groups" + + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i > $TmpDir/pki-group-del-kra-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-kra-group-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del $i18ngroup > $TmpDir/pki-group-del-kra-i18ngroup-001.out" \ + 0 \ + "Deleted group $i18ngroup" + rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-kra-i18ngroup-001.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-show.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-show.sh new file mode 100755 index 000000000..361e2767f --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-show.sh @@ -0,0 +1,680 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-kra-group-cli +# Description: PKI kra-group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-kra-group-cli-kra-group-show Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-kra-group-cli-kra-group-show.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-kra-group-cli-kra-group-show_tests(){ + +rlPhaseStartSetup "pki_kra_group_cli_kra_group_show-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + + rlPhaseStartTest "pki_kra_group_show-configtest: pki kra-group-show configuration test" + rlRun "pki kra-group-show --help > $TmpDir/pki_kra_group_show_cfg.out 2>&1" \ + 0 \ + "pki kra-group-show" + rlAssertGrep "usage: kra-group-show <Group ID> \[OPTIONS...\]" "$TmpDir/pki_kra_group_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_group_show_cfg.out" + rlPhaseEnd + + ##### Tests to show KRA groups #### + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-001: Add group to KRA using KRA_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using KRA_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group1 > $TmpDir/pki-kra-group-show-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-kra-group-show-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-kra-group-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group2" \ + 0 \ + "Add group $group2 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group2 > $TmpDir/pki-kra-group-show-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-kra-group-show-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-kra-group-show-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group3" \ + 0 \ + "Add group $group3 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group3 > $TmpDir/pki-kra-group-show-001_2.out" \ + 0 \ + "Show $group3 group" + rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-kra-group-show-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-kra-group-show-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-004: Group id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group4" \ + 0 \ + "Add group $group4 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group4 > $TmpDir/pki-kra-group-show-001_3.out" \ + 0 \ + "Show $group4 group" + rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-kra-group-show-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-kra-group-show-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-005: Group id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group5" \ + 0 \ + "Add $group5 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group5 > $TmpDir/pki-kra-group-show-001_4.out" \ + 0 \ + "Show $group5 group" + rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-kra-group-show-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-kra-group-show-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-006: Group id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group6" \ + 0 \ + "Add $group6 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group6 > $TmpDir/pki-kra-group-show-001_5.out" \ + 0 \ + "Show $group6 group" + rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-kra-group-show-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-kra-group-show-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-007: Group id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test $group7" \ + 0 \ + "Add group $group7 using KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show $group7 > $TmpDir/pki-kra-group-show-001_6.out" \ + 0 \ + "Show group $group7" + rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-kra-group-show-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-kra-group-show-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-008: --description with maximum length" + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='$desc' g1" \ + 0 \ + "Added group using KRA_adminV with maximum --description length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g1 > $TmpDir/pki-kra-group-show-001_7.out" \ + 0 \ + "Show group g1" + rlAssertGrep "Group \"g1\"" "$TmpDir/pki-kra-group-show-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-kra-group-show-001_7.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-009: --description with maximum length and symbols" + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description='$desc' g2" \ + 0 \ + "Added group using CA_adminV with maximum --description length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g2 > $TmpDir/pki-kra-group-show-001_8.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-kra-group-show-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-kra-group-show-001_8.out" + actual_desc_string=`cat $TmpDir/pki-kra-group-show-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-010: --description with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=# g3" \ + 0 \ + "Add group g3 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g3 > $TmpDir/pki-kra-group-show-001_9.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-kra-group-show-001_9.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-kra-group-show-001_9.out" + rlAssertGrep "Description: #" "$TmpDir/pki-kra-group-show-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-011: --description with * character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=* g4" \ + 0 \ + "Add group g4 using pki CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g4 > $TmpDir/pki-kra-group-show-001_10.out" \ + 0 \ + "Show group g4 using KRA_adminV" + rlAssertGrep "Group \"g4\"" "$TmpDir/pki-kra-group-show-001_10.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-kra-group-show-001_10.out" + rlAssertGrep "Description: *" "$TmpDir/pki-kra-group-show-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-012: --description with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=$ g5" \ + 0 \ + "Add group g5 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g5 > $TmpDir/pki-kra-group-show-001_11.out" \ + 0 \ + "Show group g5 using KRA_adminV" + rlAssertGrep "Group \"g5\"" "$TmpDir/pki-kra-group-show-001_11.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-kra-group-show-001_11.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-kra-group-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-013: --description as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=0 g6" \ + 0 \ + "Add group g6 using pki KRA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g6 > $TmpDir/pki-kra-group-show-001_12.out" \ + 0 \ + "Show group g6 using KRA_adminV" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-kra-group-show-001_12.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-kra-group-show-001_12.out" + rlAssertGrep "Description: 0" "$TmpDir/pki-kra-group-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-014: Show group with -t kra option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-add --description=test g7" \ + 0 \ + "Adding group g7 using CA_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + -t kra \ + kra-group-show g7 > $TmpDir/pki-kra-group-show-001_32.out" \ + 0 \ + "Show group g7 using KRA_adminV" + rlAssertGrep "Group \"g7\"" "$TmpDir/pki-kra-group-show-001_32.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_32.out" + rlAssertGrep "Description: $test" "$TmpDir/pki-kra-group-show-001_32.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-015: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-016: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show G7 > $TmpDir/pki-kra-group-show-001_35.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group \"G7\"" "$TmpDir/pki-kra-group-show-001_35.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-kra-group-show-001_35.out" + rlAssertGrep "Description: test" "$TmpDir/pki-kra-group-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-017: Should not be able to show group using a revoked cert KRA_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-018: Should not be able to show group using an agent with revoked cert KRA_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-019: Should not be able to show group using a valid agent KRA_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-020: Should not be able to show group using admin user with expired cert KRA_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-021: Should not be able to show group using KRA_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-022: Should not be able to show group using a KRA_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-023: Should not be able to show group using a KRA_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-024: Should not be able to show group using a cert created from a untrusted KRA KRA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using KRA_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-025: Should not be able to show group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$KRA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $KRA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_group_show_encoded_0025pkcs10.out > $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_kra_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show g7 > $TmpDir/pki-kra-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-kra-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using KRA_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show 'ÖrjanÄke' > $TmpDir/pki-kra-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-kra-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-kra-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_show-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-add --description=test 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-show 'ÉricTêko' > $TmpDir/pki-kra-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-kra-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-kra-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_group_cli_kra_group_cleanup: Deleting the temp directory and groups" + + #===Deleting groups created using KRA_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del g$i > $TmpDir/pki-kra-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-kra-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using KRA_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del $grp > $TmpDir/pki-group-del-kra-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-kra-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using KRA_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-kra-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-kra-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-group-del 'ÉricTêko' > $TmpDir/pki-group-del-kra-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-kra-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh index f9a1f7ef1..abd5e5b67 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh @@ -53,30 +53,13 @@ run_pki-kra-user-cli-user-cert-add_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 +caId=$4 +caHost=$5 -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) ##### Create a temporary directory to save output files and initializing host/port variables ##### rlPhaseStartSetup "pki_user_cli_user_cert-add-kra-startup: Create temporary directory and initializing host/port variables" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -100,8 +83,9 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ca_admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME -ROOTCA_agent_user="ROOTCA_agentV" +ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +ROOTCA_agent_user=${caId}_agentV ##### pki_user_cli_user_cert_add_kra-configtest #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-configtest-001: pki kra-user-cert-add configuration test" rlRun "pki kra-user-cert-add --help > $TmpDir/pki_kra_user_cert_add_cfg.out 2>&1" \ @@ -122,8 +106,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user2fullname\" $user2" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ @@ -138,22 +122,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -169,29 +153,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $user2" rlPhaseEnd @@ -202,8 +186,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -219,22 +203,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" \ 0 \ "PKCS10 Cert is added to the user $user1" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -250,22 +234,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out 2>&1" \ 0 \ "CRMF Cert is added to the user $user1" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" let i=$i+1 @@ -278,8 +262,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-004: Adding expired cert to rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user2fullname\" $user2" local validityperiod="1 day" rlLog "Generate cert with validity period of $validityperiod" @@ -325,7 +309,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-004: Adding expired cert to rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem" errmsg="BadRequestException: Certificate expired" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" @@ -352,28 +336,28 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-005: Add revoked cert to a rlRun "pki -d $CERTDB_DIR/ \ -n \"$ca_admin_cert_nickname\" \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -389,28 +373,28 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-005: Add revoked cert to a rlRun "pki -d $CERTDB_DIR/ \ -n \"$ca_admin_cert_nickname\" \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlPhaseEnd @@ -437,12 +421,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-006-tier1: Add one cert to rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" @@ -454,25 +438,25 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-007-tier1: Add one cert to rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New User1\" u1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2" errmsg="Error: Missing input file or serial number." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del u1" rlPhaseEnd ##### Add one cert to a user - argument for --input parameter missing ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-008: Add one cert to a user should fail when argument for the --input param is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2 --input" errmsg="Error: Missing argument for option: input" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing" @@ -500,13 +484,13 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-009: Add one cert to a user rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_009crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem" errmsg="PKIException: Certificate exception" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" errmsg="PKIException: Certificate exception" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" @@ -514,7 +498,7 @@ rlPhaseEnd ##### Add one cert to a user - Input file does not exist ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0010: Add one cert to a user should fail when Input file does not exist " - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/tempfile.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2 --input $TmpDir/tempfile.pem" errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist" @@ -536,22 +520,22 @@ rlPhaseStartTest "pki_kra__user_cli_kra_user_cert-add-0011: Add one cert to a us rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -567,22 +551,22 @@ rlPhaseStartTest "pki_kra__user_cli_kra_user_cert-add-0011: Add one cert to a us rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlPhaseEnd @@ -593,8 +577,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0012: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=Auditors $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -609,22 +593,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0012: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -640,29 +624,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0012: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -673,8 +657,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -689,22 +673,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -720,29 +704,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -753,8 +737,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0014: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -769,22 +753,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0014: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -800,29 +784,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0014: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -833,8 +817,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -849,22 +833,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -880,29 +864,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out 2>&1" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -913,8 +897,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0016: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -929,22 +913,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0016: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -960,29 +944,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0016: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -993,8 +977,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -1009,22 +993,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1040,29 +1024,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -1073,8 +1057,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0018: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ @@ -1089,22 +1073,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0018: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ _kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1120,29 +1104,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0018: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -1154,29 +1138,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"Admin User\" --password=Secret123 admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-add Administrators admin_user > $TmpDir/pki-kra-user-add-group0019.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-add Administrators admin_user1 > $TmpDir/pki-kra-user-add-group00191.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1204,36 +1188,36 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user admin_user" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u"" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User1\" new_test_user1" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_add_useradd_0019.out 2>&1" \ 0 \ "Adding a new user as admin_user" @@ -1244,36 +1228,36 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" \ 0 \ "CRMF Cert is added to the user admin_user" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem -t "u,u,u"" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User2\" new_test_user2" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out 2>&1" \ 0 \ "Adding a new user as admin_user" @@ -1284,42 +1268,42 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-del Administrators admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-del Administrators admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del new_test_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del new_test_user2" rlPhaseEnd @@ -1331,8 +1315,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-CA-0020: Adding a cert as a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1357,12 +1341,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-CA-0020: Adding a cert as a rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid KRA agent user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid KRA agent user" @@ -1377,8 +1361,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0021: Adding a cert as vali rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1403,12 +1387,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0021: Adding a cert as vali rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a KRA auditor user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as " @@ -1422,8 +1406,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0022: Adding a cert as CA_a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1452,12 +1436,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0022: Adding a cert as CA_a rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert" @@ -1474,8 +1458,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0023: Adding a cert as an a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1500,12 +1484,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0023: Adding a cert as an a rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" @@ -1521,8 +1505,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0024: Adding a cert as an a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1547,12 +1531,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0024: Adding a cert as an a rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" @@ -1568,8 +1552,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0025: Adding a cert as agen rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1598,12 +1582,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0025: Adding a cert as agen rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" @@ -1620,8 +1604,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0026: Adding a cert as role rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1646,12 +1630,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0026: Adding a cert as role rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA" @@ -1667,8 +1651,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0027: Adding a cert as KRA_ rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1693,12 +1677,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0027: Adding a cert as KRA_ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_agentUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user KRA_agentUTCA" @@ -1714,8 +1698,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0028: Adding a cert as KRA_ rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1740,12 +1724,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0028: Adding a cert as KRA_ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV" @@ -1760,8 +1744,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0029: Adding a cert as user rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$userFullname\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1786,12 +1770,12 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0029: Adding a cert as user rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem" - command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem" + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" - command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem" + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" @@ -1814,22 +1798,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0030: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1845,22 +1829,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0030: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlPhaseEnd @@ -1872,8 +1856,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0031: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$username\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ @@ -1885,22 +1869,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0031: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_pkcs10_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1913,28 +1897,28 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0031: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_crmf_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -1946,8 +1930,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0032: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$username\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ @@ -1959,22 +1943,22 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0032: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1987,29 +1971,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0032: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -2021,8 +2005,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0033: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$username\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ @@ -2036,10 +2020,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0033: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem" errmsg="Error: Conflicting options: --input and --serial." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" @@ -2057,10 +2041,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0033: Add one cert to a use rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem" errmsg="Error: Conflicting options: --input and --serial." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" @@ -2068,8 +2052,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0033: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -2082,10 +2066,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0034: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$username\" $userid" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=-100" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial=-100" errmsg="CertNotFoundException: Certificate ID $dectohex not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number" @@ -2093,8 +2077,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0034: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -2106,10 +2090,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0035: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$username\" $userid" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial" errmsg="Error: Missing argument for option: serial" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option" @@ -2117,8 +2101,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0035: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd @@ -2130,10 +2114,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0036: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$username\" $userid" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial='abc'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial='abc'" errmsg="NumberFormatException: For input string: \"abc\"" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial " @@ -2141,8 +2125,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0036: Add one cert to a use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $userid" rlPhaseEnd #rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification" @@ -2269,8 +2253,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ "Deleted user $usr" @@ -2283,8 +2267,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $usr > $TmpDir/pki-user-del-kra-new-user-00$j.out" \ 0 \ "Deleted user $usr" diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh index 96f42d0d2..a62468007 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh @@ -53,29 +53,12 @@ run_pki-kra-user-cli-kra-user-cert-delete_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) ##### Create temporary directory to save output files##### rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-del-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -101,7 +84,8 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ROOTCA_agent_user="ROOTCA_agentV" +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +ROOTCA_agent_user=${caId}_agentV ##### pki_kra_user_cli_kra_user_cert_delete-configtest #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-configtest-001: pki kra-user-cert-del configuration test" rlRun "pki kra-user-cert-del --help > $TmpDir/pki_kra_user_cert_del_cfg.out 2>&1" \ @@ -121,8 +105,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -157,8 +141,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \ 0 \ "Cert is added to the user $user1" @@ -166,8 +150,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \ 0 \ "Cert is added to the user $user1" @@ -177,40 +161,40 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \ 0 \ "Delete cert assigned to $user1" - rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \ 0 \ "Delete cert assigned to $user1" - rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out" + rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $user1" rlPhaseEnd @@ -221,8 +205,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -250,15 +234,15 @@ ROOTCA_agent_user="ROOTCA_agentV" local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} serialhexcrmfuser1[$i]=$valid_crmf_serialNumber serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "pki -h $KRA_HOST -p $KRA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \ 0 \ "Cert is added to the user $user1" @@ -266,8 +250,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \ 0 \ "Cert is added to the user $user1" @@ -275,13 +259,13 @@ ROOTCA_agent_user="ROOTCA_agentV" done i=0 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" rlLog "Executing: $command" errmsg="PKIException: Failed to modify user." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Invalid Cert ID is provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" rlLog "Executing: $command" errmsg="PKIException: Failed to modify user." errorcode=255 @@ -293,13 +277,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-004: pki kra-user-cert-del should fail if a non-existing User ID is provided" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: User not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if a non-existing User ID is provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: User not found" errorcode=255 @@ -313,16 +297,16 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user2fullname\" $user2" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: Certificate not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if there is a Cert ID and User ID mismatch" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: Certificate not found" errorcode=255 @@ -333,13 +317,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-006-tier1: pki kra-user-cert-del should fail if User ID is not provided" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if User ID is not provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="Error: Incorrect number of arguments specified." errorcode=255 @@ -349,7 +333,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Delete certs asigned to a user - no Cert ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-007-tier1: pki kra-user-cert-del should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1" rlLog "Executing: $command" errmsg="Error: Incorrect number of arguments specified." errorcode=255 @@ -360,13 +344,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-008: Delete certs assigned to a user - as KRA_agentV should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -377,13 +361,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-009: Delete certs assigned to a user - as KRA_auditorV should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid auditor cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -399,13 +383,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired admin cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -422,13 +406,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired agent cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -442,13 +426,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0012: Delete certs assigned to a user - as KRA_adminR should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked admin cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -461,13 +445,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0013: Delete certs assigned to a user - as KRA_agentR should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked agent cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -480,13 +464,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0014: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an untrusted cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -499,13 +483,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0015: Delete certs assigned to a user - as KRA_operatorV should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid operator cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -516,13 +500,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0016: Delete certs assigned to a user - as a user not assigned to any role should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" - command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -535,13 +519,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0017: Delete certs assigned to a user - switch positions of the required options" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" rlLog "Executing: $command" errmsg="Error:" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if the required options are switched positions" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" rlLog "Executing: $command" errmsg="Error:" errorcode=255 @@ -584,8 +568,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_0019.out" \ 0 \ "Cert is added to the user $user2" @@ -593,42 +577,42 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_0019.out" \ 0 \ "Cert is added to the user $user1" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \ 0 \ "Delete cert assigned to $user2" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \ 0 \ "Delete cert assigned to $user2" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out" rlPhaseEnd ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail ##### @@ -637,29 +621,29 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"Admin User\" --password=Secret123 admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-add Administrators admin_user > $TmpDir/pki-user-add-kra-group0019.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-kra-group00191.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -687,14 +671,14 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user admin_user" @@ -703,14 +687,14 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User1\" new_test_user1" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_del_useradd_0020.out 2>&1" \ 0 \ "Adding a new user as admin_user" @@ -721,14 +705,14 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020pkcs10.out" \ 0 \ "Delete cert assigned to admin_user" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020pkcs10.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020pkcs10.out" - command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT kra-user-add --fullName='New Test User6' new_test_user6" + command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT kra-user-add --fullName='New Test User6' new_test_user6" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -737,14 +721,14 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020crmf.out" \ 0 \ "CRMF Cert is added to the user admin_user1" @@ -753,14 +737,14 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User2\" new_test_user2" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out 2>&1" \ 0 \ "Adding a new user as admin_user1" @@ -771,14 +755,14 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020crmf.out" \ 0 \ "Delete cert assigned to admin_user1" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020crmf.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020crmf.out" - command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT kra-user-add --fullName='New Test User6' new_test_user6" + command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT kra-user-add --fullName='New Test User6' new_test_user6" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -787,42 +771,42 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-del Administrators admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-group-member-del Administrators admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del new_test_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del new_test_user2" rlPhaseEnd @@ -835,8 +819,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ "Deleted user $usr" diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh index f6c59d777..2f7cebf33 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh @@ -53,30 +53,13 @@ run_pki-kra-user-cli-kra-user-cert-find_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 +caId=$4 +caHost=$5 -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) #####Create temporary dir to save the output files##### rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-find-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -102,9 +85,9 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME -ROOTCA_agent_user="ROOTCA_agentV" -admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME) +ROOTCA_agent_user=${caId}_agentV +admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) ##### pki_user_cli_user_cert_find_ca-configtest #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-configtest-001: pki kra-user-cert-find configuration test" rlRun "pki kra-user-cert-find --help > $TmpDir/pki_kra_user_cert_find_cfg.out 2>&1" \ @@ -124,8 +107,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-002: Find the certs of a u rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 2 ] ; do rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -155,14 +138,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-002: Find the certs of a u rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \ 0 \ "Cert is added to the user $user1" @@ -170,14 +153,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-002: Find the certs of a u rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \ 0 \ "Cert is added to the user $user1" @@ -186,14 +169,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-002: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_002.out" \ 0 \ "Finding certs assigned to $user1" @@ -202,16 +185,16 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-002: Find the certs of a u rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_002.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" let i=$i+1 @@ -225,8 +208,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-003: Find the certs of a u rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user2fullname\" $user2" while [ $i -lt 12 ] ; do rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -256,14 +239,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-003: Find the certs of a u rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \ 0 \ "Cert is added to the user $user2" @@ -271,14 +254,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-003: Find the certs of a u rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \ 0 \ "Cert is added to the user $user2" @@ -287,14 +270,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-003: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 > $TmpDir/pki_kra_user_cert_find_003.out" \ 0 \ "Finding certs assigned to $user2" @@ -302,16 +285,16 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-003: Find the certs of a u rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_003.out" i=0 while [ $i -lt 10 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" let i=$i+1 @@ -322,7 +305,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with userid argument - user id does not exist #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-004: Find the certs of a user in KRA --userid only - user does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find tuser" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find tuser" errmsg="UserNotFoundException: User tuser not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist" @@ -334,20 +317,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-005: Find the certs of a u rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user3fullname\" $user3" rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user3" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user3 > $TmpDir/pki_kra_user_cert_find_005.out" \ 0 \ "Finding certs assigned to $user3" @@ -360,29 +343,29 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-006: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --size=2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --size=2 > $TmpDir/pki_kra_user_cert_find_006.out" \ 0 \ "Finding certs assigned to $user1" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_006.out" i=0 - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_kra_user_cert_find_006.out" @@ -394,14 +377,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-007: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --size=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --size=0 > $TmpDir/pki_kra_user_cert_find_007.out" \ 0 \ "Finding certs assigned to $user1" @@ -412,7 +395,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with --size=-1 #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-008: Find the certs of a user in KRA --size=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user1 --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user1 --size=-1" errmsg="The value for size shold be greater than or equal to 0" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0" @@ -425,14 +408,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-009: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --size=50" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --size=50 > $TmpDir/pki_kra_user_cert_find_009.out" \ 0 \ "Finding certs assigned to $user1 --size=50" @@ -440,16 +423,16 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-009: Find the certs of a u rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_009.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" let i=$i+1 @@ -462,30 +445,30 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0010: Find the certs of a rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $ruser1 --start=2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=2 > $TmpDir/pki_kra_user_cert_find_0010.out" \ 0 \ "Finding certs assigned to $user1" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0010.out" let newnumcerts=$numcertsuser1-2 i=1 - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_kra_user_cert_find_0010.out" @@ -497,14 +480,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-011: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=0 > $TmpDir/pki_kra_user_cert_find_0011.out" \ 0 \ "Finding certs assigned to $user1 --start=0" @@ -512,16 +495,16 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-011: Find the certs of a u rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0011.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" let i=$i+1 @@ -534,30 +517,30 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-012: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=0 > $TmpDir/pki_kra_user_cert_find_0012.out" \ 0 \ "Finding certs assigned to $user2 --start=0" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0012.out" i=0 while [ $i -lt 10 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" let i=$i+1 @@ -568,7 +551,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with --start=-1 #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0013: Find the certs of a user in KRA --start=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user1 --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user1 --start=-1" errmsg="The value for size shold be greater than or equal to 0" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0" @@ -581,14 +564,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0014: Find the certs of a rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=50" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=50 > $TmpDir/pki_kra_user_cert_find_0014.out" \ 0 \ "Finding certs assigned to $user1 --start=50" @@ -602,14 +585,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0015: Find the certs of a rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=0 --size=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_kra_user_cert_find_0015.out" \ 0 \ "Finding certs assigned to $user1 --start=0" @@ -626,8 +609,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$newuserfullname\" $newuserid" while [ $i -lt 2 ] ; do rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -657,14 +640,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \ 0 \ "Cert is added to the user $newuserid" @@ -672,14 +655,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \ 0 \ "Cert is added to the user $newuserid" @@ -688,14 +671,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $newuserid" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $newuserid > $TmpDir/pki_kra_user_cert_find_0016.out" \ 0 \ "Finding certs assigned to $newuserid" @@ -704,16 +687,16 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0016.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" let i=$i+1 @@ -721,15 +704,15 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $newuserid" rlPhaseEnd ##### Find certs assigned to a KRA user - with --size=-1 and size=-1 #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0017: Find the certs of a user in KRA --start=-1 and size=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user1 --start=-1 --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user1 --start=-1 --size=-1" errmsg="The value for size and start should be greater than or equal to 0" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0" @@ -743,30 +726,30 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-018: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=20 --size=20" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_kra_user_cert_find_0018.out" \ 0 \ "Finding certs assigned to $user2" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0018.out" i=10 while [ $i -lt 12 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" let i=$i+1 @@ -780,30 +763,30 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-019: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=0 --size=20" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_kra_user_cert_find_0019.out" \ 0 \ "Finding certs assigned to $user2" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0019.out" i=0 while [ $i -lt 10 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" let i=$i+1 @@ -817,23 +800,23 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-020: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=22 --size=1" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_kra_user_cert_find_0020.out" \ 0 \ "Finding certs assigned to $user2" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0020.out" i=11 - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0020.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0020.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_kra_user_cert_find_0020.out" rlPhaseEnd @@ -844,30 +827,30 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-021: Find the certs of a u rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=22 --size=10" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_kra_user_cert_find_0021.out" \ 0 \ "Finding certs assigned to $user2" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0021.out" i=11 while [ $i -lt 12 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" let i=$i+1 @@ -900,8 +883,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-022: Find certs assigned t rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \ 0 \ "Cert is added to the user $user1" @@ -909,8 +892,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-022: Find certs assigned t rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \ 0 \ "Cert is added to the user $user1" @@ -918,28 +901,28 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-022: Find certs assigned t rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_0022.out" \ 0 \ "Finding certs assigned to $user1" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0022.out" @@ -948,7 +931,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a valid agent user #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-023: Find the certs of a user as KRA_agentV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as a valid agent user" @@ -957,7 +940,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a valid auditor user #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-024: Find the certs of a user as KRA_auditorV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as a valid auditor user" @@ -969,7 +952,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-025: Find the certs of a u rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an admin user with an expired cert" @@ -980,7 +963,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as an admin user with revoked cert ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-026: Find the certs of a user as KRA_adminR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an admin user with a revoked cert" @@ -991,7 +974,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as an agent user with revoked cert ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-027: Find the certs of a user as KRA_agentR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an agent user with a revoked cert" @@ -1005,7 +988,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-028: Find the certs of a u rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an agent user with an expired cert" @@ -1016,7 +999,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a user whose KRA cert has not been trusted ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-029: Find the certs of a user as role_user_UTCA should fail" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an admin user with untrusted cert" @@ -1025,7 +1008,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a valid operator user ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-030: Find the certs of a user as operatorV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as operatorV" @@ -1034,7 +1017,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a user not associated with any role ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-031: Find the certs of a user as a user not associated with any role, should fail" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as a user not assigned to any role" @@ -1044,7 +1027,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - userid is missing ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-032: Find the certs of a user - userid missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail without User ID" @@ -1053,7 +1036,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - user id missing with --start and --size options ### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-033: Find the certs of a user - userid missing with --start and --size options" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find --start=1 --size=1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-find --start=1 --size=1" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail without User ID" @@ -1068,8 +1051,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ "Deleted user $usr" diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh index 851840d77..4b1ef6787 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh @@ -53,30 +53,12 @@ run_pki-kra-user-cli-kra-user-cert-show_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) ##### Create temporary directory to save output files ##### rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-show-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -102,7 +84,8 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ROOTCA_agent_user="ROOTCA_agentV" +ROOTCA_agent_user=${caId}_agentV +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) ##### pki_kra_user_cli_kra_user_cert_show-configtest #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-configtest-001: pki kra-user-cert-show configuration test" rlRun "pki kra-user-cert-show --help > $TmpDir/pki_kra_user_cert_show_cfg.out 2>&1" \ @@ -124,8 +107,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user2fullname\" $user2" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -155,61 +138,61 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002.out" \ 0 \ "Cert is added to the user $user2" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002.out" \ 0 \ "Show cert assigned to $user2" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002crmf.out" \ 0 \ "Cert is added to the user $user2" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" \ 0 \ "Show cert assigned to $user2" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlPhaseEnd @@ -217,12 +200,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-003: pki kra-user-cert-show should fail if an invalid Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when an invalid Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when an invalid Cert ID is provided" @@ -233,12 +216,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-004: pki kra-user-cert-show should fail if a non-existing User ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="UserNotFoundException: User testuser4 not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when a non-existing User ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="UserNotFoundException: User testuser4 not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when a non existing User ID is provided" @@ -251,16 +234,16 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" $user1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user1" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when there is a User ID and Cert ID mismatch" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user1" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when there is a User ID and Cert ID mismatch" @@ -269,7 +252,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - no User ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-006-tier1: pki kra-user-cert-show should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when User ID is not provided" @@ -282,18 +265,18 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New User1\" u16" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show u16" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when Cert ID is not provided" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del u16" rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" rlPhaseEnd @@ -304,22 +287,22 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --encoded option" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')" @@ -335,23 +318,23 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" \ 0 \ "Show cert assigned to $user2 with --encoded option" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')" @@ -369,12 +352,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --encoded option - no User ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-009: pki kra-user-cert-show with --encoded option should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert" @@ -385,7 +368,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --encoded option - no Cert ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0010: pki kra-user-cert-show with --encoded option should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 --encoded" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --encoded option should throw an error when Cert ID is not provided" @@ -398,15 +381,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --output option" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" @@ -420,25 +403,25 @@ ROOTCA_agent_user="ROOTCA_agentV" else rlFail "Serial number does not match" fi - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" \ 0 \ "Show cert assigned to $user2 with --output option" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" @@ -452,11 +435,11 @@ ROOTCA_agent_user="ROOTCA_agentV" else rlFail "Serial number does not match" fi - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlPhaseEnd @@ -464,12 +447,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - no User ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0012: pki kra-user-cert-show with --output option should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when User ID is not provided for crmf cert" @@ -480,7 +463,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - no Cert ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0013: pki kra-user-cert-show with --output option should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when Cert ID is not provided" @@ -490,12 +473,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - Directory does not exist ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0014: pki kra-user-cert-show with --output option should fail if directory does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when directory does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out (No such file or directory)" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when directory does not exist" @@ -505,12 +488,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - Missing argument for --output option ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0015: pki kra-user-cert-show with --output option should fail if argument for --option is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" errmsg="Error: Missing argument for option: output" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when argument for --option is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" errmsg="Error: Missing argument for option: output" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when argument for --option is missing" @@ -523,22 +506,22 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --pretty option" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" @@ -549,22 +532,22 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" \ 0 \ "Show cert assigned to $user2 with --pretty option" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" @@ -576,12 +559,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --pretty option - no User ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0017: pki kra-user-cert-show with --pretty option should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert" @@ -592,7 +575,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --pretty option - no Cert ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0018: pki kra-user-cert-show with --pretty option should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 --pretty" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --pretty option should throw an error when Cert ID is not provided" @@ -607,8 +590,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$newuserfullname\" $newuserid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \ @@ -637,36 +620,36 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --pretty --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" @@ -689,22 +672,22 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" \ 0 \ "Show cert assigned to $user2 with --pretty --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" @@ -727,20 +710,20 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $newuserid" rlPhaseEnd ##### Show certs asigned to a user - as KRA_agentV ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0020: Show certs assigned to a user - as KRA_agentV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid agent cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid agent cert" @@ -749,12 +732,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_auditorV ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0021: Show certs assigned to a user - as KRA_auditorV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid auditor cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid auditor cert" @@ -766,12 +749,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired admin cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired admin cert" @@ -786,12 +769,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired agent cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired agent cert" @@ -803,12 +786,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_adminR ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0024: Show certs assigned to a user - as KRA_adminR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked admin cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked admin cert" @@ -819,12 +802,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_agentR ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0025: Show certs assigned to a user - as KRA_agentR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked agent cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked agent cert" @@ -835,12 +818,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as role_user_UTCA ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0026: Show certs assigned to a user - as role_user_UTCA should fail" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an untrusted cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an untrusted cert" @@ -849,12 +832,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA operator user ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0027: Show certs assigned to a user - as KRA operator user should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an operator user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an operator user" @@ -866,22 +849,22 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" @@ -899,22 +882,22 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" \ 0 \ "Show cert assigned to $user2 with --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" @@ -934,12 +917,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as a user not associated with any role##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0029: Show certs assigned to a user - as a user not associated with any role, should fail" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an user not associated with any role" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an user not associated with any role" @@ -948,7 +931,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - switch position of the required options##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0030: Show certs assigned to a user - switch position of the required options" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" errmsg="User Not Found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when required options are switched positions" @@ -958,12 +941,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - incomplete Cert ID ##### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0031: pki user-cert-show should fail if an incomplete Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when an incomplete Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when an incomplete Cert ID is provided" @@ -999,59 +982,59 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_0032.out" \ 0 \ "Cert is added to the user $user1" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" \ 0 \ "Show cert assigned to $user1" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_crmf_0032.out" \ 0 \ "Cert is added to the user $user1" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ - kra-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" \ 0 \ "Show cert assigned to $user1" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlPhaseEnd @@ -1065,8 +1048,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ "Deleted user $usr" @@ -1075,7 +1058,7 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" done #Delete temporary directory - #rlRun "popd" - #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd } diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh index 8955dfdf5..6260bb5a3 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh @@ -52,30 +52,11 @@ run_pki-kra-user-cli-kra-user-mod_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 +caId=$4 -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) #####Create temporary dir to save the output files ##### rlPhaseStartSetup "pki_kra_user_cli_kra_user_mod-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -129,20 +110,20 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" $user1" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-002.out" \ 0 \ "Modified $user1 fullname" @@ -157,14 +138,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-kra-user-mod-003.out" \ 0 \ "Modified $user1 information" @@ -185,20 +166,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-004:--email with characters and rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u1" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-kra-user-mod-004.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length" @@ -211,25 +192,27 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-004:--email with characters and #### Modify a user's email with maximum length and symbols #### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-005:--email with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` - + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlLog "$randsym_b64" + rlLog "$randsym" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u2" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=\"$randsym\" u2" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=\"$randsym\" u2 > $TmpDir/pki-kra-user-mod-005.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it" @@ -251,20 +234,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-004:--email with characters and rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u3" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email # u3" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=# u3 > $TmpDir/pki-kra-user-mod-006.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character" @@ -280,20 +263,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-007:--email with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u4" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email * u4" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=* u4 > $TmpDir/pki-kra-user-mod-007.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character" @@ -309,20 +292,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-007:--email with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u5" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email $ u5" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=$ u5 > $TmpDir/pki-kra-user-mod-008.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character" @@ -338,20 +321,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-009:--email as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u6" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email 0 u6" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=0 u6 > $TmpDir/pki-kra-user-mod-009.out " \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0" @@ -367,20 +350,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-009:--email as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u7" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-kra-user-mod-010.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length" @@ -393,24 +376,27 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-009:--email as number 0 " #### Modify a user's state with maximum length and symbols #### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-011:--state with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlLog "$randsym_b64" + rlLog "$randsym" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u8" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=\"$randsym\" u8" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=\"$randsym\" u8 > $TmpDir/pki-kra-user-mod-011.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it" @@ -432,20 +418,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-011:--state with maximum length rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u9" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state # u9" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=# u9 > $TmpDir/pki-kra-user-mod-012.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character" @@ -461,20 +447,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-013:--state with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u10" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state * u10" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=* u10 > $TmpDir/pki-kra-user-mod-013.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character" @@ -490,20 +476,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-013:--state with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u11" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state $ u11" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=$ u11 > $TmpDir/pki-kra-user-mod-014.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character" @@ -519,20 +505,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-015:--state as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u12" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state 0 u12" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --state=0 u12 > $TmpDir/pki-kra-user-mod-015.out " \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0" @@ -548,20 +534,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-015:--state as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u13" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-kra-user-mod-016.out" \ 0 \ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length" @@ -574,14 +560,15 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-015:--state as number 0 " #### Modify a user's phone with maximum length and symbols #### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-017:--phone with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test usr1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone='$randsym' usr1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --phone='$randsym' usr1" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it" @@ -590,18 +577,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-017:--phone with maximum length #### Modify a user's phone with maximum length and numbers only #### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-018:--phone with maximum length and numbers only " - randsym=`cat /dev/urandom | tr -dc '0-9' | fold -w 1024 | head -n 1` + randhex=$(openssl rand -hex 1024 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --phone=\"$randsym\" usr1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-kra-user-mod-018.out"\ 0 \ "Modify user with maximum length and numbers only" @@ -617,10 +606,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-018:--phone with maximum length rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test usr2" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone=\"#\" usr2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --phone=\"#\" usr2" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" @@ -632,10 +621,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-020:--phone with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test usr3" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone=\"*\" usr3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --phone=\"*\" usr3" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" @@ -647,10 +636,10 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-020:--phone with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test usr4" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone $ usr4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --phone $ usr4" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" @@ -662,20 +651,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-022:--phone as negative number - rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u14" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --phone -1230 u14" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --phone=-1230 u14 > $TmpDir/pki-kra-user-mod-022.out " \ 0 \ "Modifying User --phone negative value" @@ -689,7 +678,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-022:--phone as negative number - #### Modify a user - missing required option user id #### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-023-tier1: Modify a user -- missing required option user id" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname'" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id" @@ -705,14 +694,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-024-tier1: Modify a user -- all rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=test u15" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$user1fullname\" \ --email $email \ --password $user_password \ @@ -723,8 +712,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-024-tier1: Modify a user -- all rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$user1fullname\" \ --email $email \ --password $user_password \ @@ -745,7 +734,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-024-tier1: Modify a user -- all rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password " userpw="pass" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod $user1 --fullName='$user1fullname' --password=$userpw" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod $user1 --fullName='$user1fullname' --password=$userpw" errmsg="PKIException: The password must be at least 8 characters" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password" @@ -753,7 +742,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password ##### Tests to modify users using revoked cert##### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-026: Should not be able to modify user using a revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1_mod_fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1_mod_fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" @@ -763,14 +752,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password ##### Tests to modify users using an agent user##### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-027: Should not be able to modify user using a valid agent user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" rlPhaseEnd rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-028: Should not be able to modify user using an agent user with a revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" @@ -783,7 +772,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert" @@ -795,7 +784,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert" @@ -805,7 +794,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password ##### Tests to modify users using audit users##### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-031: Should not be able to modify user using an auditor user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert" @@ -813,7 +802,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password ##### Tests to modify users using operator user### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-032: Should not be able to modify user using an operator user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as CA_operatorV" @@ -821,14 +810,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password ##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted KRA users##### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-033: Should not be able to modify user using a cert created from a untrusted KRA role_user_UTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" rlPhaseEnd rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' u17" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName='$user1fullname' u17" errmsg="ResourceNotFoundException: No such object." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user" @@ -840,15 +829,15 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$user1fullname\" \ --email $email \ --password $user_password \ --phone $phone \ --state $state \ u16" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName=\"\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --fullName=\"\" u16" errmsg="BadRequestException: Invalid DN syntax." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty" @@ -861,8 +850,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-show u16 > $TmpDir/pki-kra-user-mod-038_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-038_1.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-038_1.out" @@ -873,14 +862,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=\"\" u16" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=\"\" u16 > $TmpDir/pki-kra-user-mod-038_2.out" \ 0 \ "Modifying $user1 with empty email" @@ -897,15 +886,15 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-show u16 > $TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-039_1.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone=\"\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --phone=\"\" u16" rlRun "$command" 0 "Successfully updated phone to empty value" rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" rlPhaseEnd @@ -916,14 +905,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-show u16 > $TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-040_1.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --state=\"\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --state=\"\" u16" rlRun "$command" 0 "Successfully updated phone to empty value" rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" rlPhaseEnd @@ -935,8 +924,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-show $user1 > $TmpDir/pki-kra-user-mod-041_1.out" rlAssertGrep "User \"$user1\"" "$TmpDir/pki-kra-user-mod-041_1.out" rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-041_1.out" @@ -944,14 +933,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-041_2.out" \ 0 \ "Modifying $user1 with same old fullname" @@ -966,8 +955,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-show u16 > $TmpDir/pki-kra-user-mod-042_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-042_1.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-042_1.out" @@ -976,14 +965,14 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID do rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=\"$email\" u16" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --email=\"$email\" u16 > $TmpDir/pki-kra-user-mod-042_2.out" \ 0 \ "Modifying u16 with new value for phone which was previously empty" @@ -999,20 +988,20 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-041: Modify a user's fullname ha rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"$i18nuserfullname\" $i18nuser" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-kra-user-mod-043.out" \ 0 \ "Modified $i18nuser fullname" @@ -1024,7 +1013,7 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-041: Modify a user's fullname ha ##### Tests to modify KRA users having i18n chars in email #### rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-042: Modify a user's email having i18n chars in KRA using an admin user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --email=$i18nuser_mod_email $i18nuser" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-mod --email=$i18nuser_mod_email $i18nuser" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail" @@ -1039,8 +1028,8 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \ 0 \ "Deleted user u$i" @@ -1053,8 +1042,8 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del usr$i > $TmpDir/pki-usr-del-kra-usr-00$i.out" \ 0 \ "Deleted user usr$i" @@ -1068,8 +1057,8 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ "Deleted user $usr" @@ -1079,8 +1068,8 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-del $i18nuser > $TmpDir/pki-user-del-kra-i18nuser-001.out" \ 0 \ "Deleted user $i18nuser" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh index 2bd37a43d..b1142cc4e 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh @@ -432,7 +432,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-005: Add revoked cert to a user rlAssertGrep "Subject: UID=revoke_$user2,E=revoke_$user2@example.org,CN=Revoke $user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_useraddcert_005pkcs10.out" rlRun "pki -d $CERTDB_DIR/ \ - -n \"$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)\" \ + -n $(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME) \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ @@ -1995,12 +1995,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0027: Adding a cert as CA_adminU rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) cert-show $cert_serialNumber_crmf --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0027crmf.out" 0 "Executing pki cert-show $cert_serialNumber_crmf" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0027crmf.out > $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0027crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_adminUTCA" @@ -2045,12 +2045,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0028: Adding a cert as CA_agentU rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) cert-show $cert_serialNumber_crmf --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0028crmf.out" 0 "Executing pki cert-show $cert_serialNumber_crmf" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0028crmf.out > $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -t ca -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0028crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as CA_agentUTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh index e4d7e7515..8b526a470 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh @@ -47,23 +47,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) @@ -470,12 +462,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0014: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" @@ -487,12 +479,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" rlPhaseStartTest "pki_user_cli_user_cert-del-CA-0015: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-del $user1 '2;${serialdecuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-del $user1 '2;${serialdecuser1_crmf[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication using cert role_user_UTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh index e1d5666b9..6a24e9e93 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh @@ -49,23 +49,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) @@ -1010,7 +1002,7 @@ rlPhaseEnd #### Find certs assigned to a CA user - authenticating as a user whose CA cert has not been trusted ### rlPhaseStartTest "pki_user_cli_user_cert-find-CA-029: Find the certs of a user as role_user_UTCA should fail" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-find $user2" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as role_user_UTCA" @@ -1020,7 +1012,7 @@ rlPhaseEnd #### Find certs assigned to a CA user - authenticating as a user whose CA cert has not been trusted ### rlPhaseStartTest "pki_user_cli_user_cert-find-CA-030: Find the certs of a user as role_user_UTCA should fail" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-find $user2" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as role_user_UTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh index 6f4a8bab6..5c512b69d 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh @@ -48,23 +48,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) @@ -856,12 +848,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" ##### Show certs asigned to a user - as role_user_UTCA ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0027: Show certs assigned to a user - as role_user_UTCA should fail" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" @@ -872,12 +864,12 @@ local TEMP_NSS_DB_PASSWD="redhat123" ##### Show certs asigned to a user - as role_user_UTCA ##### rlPhaseStartTest "pki_user_cli_user_cert-show-CA-0028: Show certs assigned to a user - as role_user_UTCA should fail" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized"" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" - command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD user-cert-show $user2 '2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US'" errmsg="PKIException: Unauthorized"" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when authenticating as role_user_UTCA" diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh index 00d68e94d..b8d50069e 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh @@ -54,23 +54,15 @@ SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) @@ -197,8 +189,8 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-004:--email with characters and numbe rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod-CA-005:--email with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` - + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -367,7 +359,8 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-009:--email as number 0 " rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod-CA-011:--state with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -534,7 +527,8 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-015:--state as number 0 " rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod-CA-017:--phone with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -548,7 +542,9 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-017:--phone with maximum length and s rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod-CA-018:--phone with maximum length and numbers only " - randsym=`cat /dev/urandom | tr -dc '0-9' | fold -w 1024 | head -n 1` + randhex=$(openssl rand -hex 1024 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) rlLog "Executing: pki -d $CERTDB_DIR \ -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -887,10 +883,11 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-mod-ca-039_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-user-mod-ca-039_1.out" command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --phone=\"\" u16" - errmsg="BadRequestException: Invalid DN syntax." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --phone is empty" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlRun "$command > $TmpDir/pki-user-mod-ca-039_2.out" 0 "Modify user with phone is empty" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-user-mod-ca-039_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-user-mod-ca-039_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-mod-ca-039_2.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-mod-ca-039_2.out" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod-CA-040: Modify a user in CA using ROOTCA_adminV - state is empty" @@ -905,10 +902,10 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-036: Modify a user -- User ID does n rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-mod-ca-040_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-user-mod-ca-040_1.out" command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --state=\"\" u16" - errmsg="BadRequestException: Invalid DN syntax." - errorcode=255 - rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify User --state is empty" - rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlRun "$command > $TmpDir/pki-user-mod-ca-040_2.out" 0 "Modify user with empty state" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-user-mod-ca-040_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-user-mod-ca-040_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-mod-ca-040_2.out" rlPhaseEnd ##### Tests to modify CA users with the same value #### @@ -1029,7 +1026,19 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ca-user-00$i.out" let i=$i+1 done - + j=1 + while [ $j -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-del usr$j > $TmpDir/pki-user-del-ca-usr-00$j.out" \ + 0 \ + "Deleted user usr$j" + rlAssertGrep "Deleted user \"usr$j\"" "$TmpDir/pki-user-del-ca-usr-00$j.out" + let j=$j+1 + done j=1 while [ $j -lt 2 ] ; do eval usr=\$user$j diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh index d2fb5291d..cf89b7c88 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh @@ -53,30 +53,12 @@ run_pki-user-cli-user-cert-add-kra_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +caId=$4 +caHost=$5 +CA_HOST=$(eval echo \$${caHost}) +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) ##### Create a temporary directory to save output files and initializing host/port variables ##### rlPhaseStartSetup "pki_user_cli_user_cert-add-kra-startup: Create temporary directory and initializing host/port variables" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -100,8 +82,9 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ca_admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME -ROOTCA_agent_user="ROOTCA_agentV" +ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +ROOTCA_agent_user=${caId}_agentV ##### Tests to add certs to KRA users #### @@ -111,8 +94,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a us rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user2fullname\" $user2" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -128,24 +111,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a us rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -161,31 +144,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a us rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $user2" rlPhaseEnd @@ -197,8 +180,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a us rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do @@ -215,24 +198,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a us rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" \ 0 \ "PKCS10 Cert is added to the user $user1" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -248,24 +231,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a us rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out 2>&1" \ 0 \ "CRMF Cert is added to the user $user1" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out" let i=$i+1 @@ -278,8 +261,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-004: Adding expired cert to a u rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user2fullname\" $user2" local validityperiod="1 day" @@ -300,7 +283,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-004: Adding expired cert to a u rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem" errmsg="BadRequestException: Certificate expired" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" @@ -326,7 +309,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-004: Adding expired cert to a u rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem" errmsg="BadRequestException: Certificate expired" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" @@ -353,30 +336,30 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-005: Add revoked cert to a user rlRun "pki -d $CERTDB_DIR/ \ -n \"$ca_admin_cert_nickname\" \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -392,30 +375,30 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-005: Add revoked cert to a user rlRun "pki -d $CERTDB_DIR/ \ -n \"$ca_admin_cert_nickname\" \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" rlPhaseEnd @@ -442,12 +425,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-006-tier1: Add one cert to a us rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" @@ -459,18 +442,18 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-007-tier1: Add one cert to rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New User1\" u1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $user2" errmsg="Error: Missing input file or serial number." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del u1" rlPhaseEnd @@ -478,7 +461,7 @@ rlPhaseEnd ##### Add one cert to a user - argument for --input parameter missing ##### rlPhaseStartTest "pki_user_cli_user_cert-add-kra-008: Add one cert to a user should fail when argument for the --input param is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $user2 --input" errmsg="Error: Missing argument for option: input" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing" @@ -506,13 +489,13 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-009: Add one cert to a user sho rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_009crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem" errmsg="PKIException: Certificate exception" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem" errmsg="PKIException: Certificate exception" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" @@ -520,7 +503,7 @@ rlPhaseEnd ##### Add one cert to a user - Input file does not exist ##### rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0010: Add one cert to a user should fail when Input file does not exist " - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/tempfile.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $user2 --input $TmpDir/tempfile.pem" errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist" @@ -542,24 +525,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0011: Add one cert to a user - rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -575,24 +558,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0011: Add one cert to a user - rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" rlPhaseEnd @@ -603,8 +586,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0012: Add cert to a user of typ rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=Auditors $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -620,24 +603,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0012: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -653,31 +636,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0012: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -689,8 +672,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -706,24 +689,24 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -739,31 +722,31 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -775,8 +758,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0014: Add cert to a user of typ rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -792,24 +775,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0014: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -825,31 +808,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0014: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -861,8 +844,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -878,24 +861,24 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -911,31 +894,31 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out 2>&1" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -947,8 +930,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0016: Add cert to a user of typ rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -964,24 +947,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0016: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -997,31 +980,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0016: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" rlRun "pki -d $CERTDB_DIR \ - -n $(eval echo \$${subsystemId}_adminV_user) \ + -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -1033,8 +1016,8 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1050,24 +1033,24 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1083,31 +1066,31 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -1119,8 +1102,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0018: Add cert to a user of typ rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1136,24 +1119,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0018: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1169,31 +1152,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0018: Add cert to a user of typ rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -1206,32 +1189,32 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"Admin User\" --password=Secret123 admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-add Administrators admin_user > $TmpDir/pki-kra-user-add-group0019.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-add Administrators admin_user1 > $TmpDir/pki-kra-user-add-group00191.out" @@ -1260,39 +1243,39 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user admin_user" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u"" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New Test User1\" new_test_user1" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_add_useradd_0019.out 2>&1" \ 0 \ @@ -1304,36 +1287,36 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" \ 0 \ "CRMF Cert is added to the user admin_user" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem -t "u,u,u"" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User2\" new_test_user2" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ kra-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out 2>&1" \ 0 \ "Adding a new user as admin_user" @@ -1344,47 +1327,47 @@ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"a rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-del Administrators admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-del Administrators admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del new_test_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del new_test_user2" rlPhaseEnd @@ -1397,8 +1380,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-KRA-0020: Adding a cert as a KRA ag rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1424,12 +1407,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-KRA-0020: Adding a cert as a KRA ag rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid KRA agent user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid KRA agent user" @@ -1444,8 +1427,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0021: Adding a cert as valid KR rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1471,12 +1454,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0021: Adding a cert as valid KR rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a KRA auditor user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as " @@ -1490,8 +1473,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0022: Adding a cert as KRA_admi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1521,12 +1504,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0022: Adding a cert as KRA_admi rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert" @@ -1543,8 +1526,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0023: Adding a cert as an admin rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1570,12 +1553,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0023: Adding a cert as an admin rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" @@ -1591,8 +1574,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0024: Adding a cert as an agent rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1618,12 +1601,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0024: Adding a cert as an agent rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" @@ -1639,8 +1622,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0025: Adding a cert as agent us rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1670,12 +1653,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0025: Adding a cert as agent us rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" @@ -1692,8 +1675,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0026: Adding a cert as role_use rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ kra-user-add --fullName=\"$userFullname\" $userid" @@ -1711,20 +1694,20 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0026: Adding a cert as role_use local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "pki -h $KRA_HOST -p $KRA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem" local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) - rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "pki -h $KRA_HOST -p $KRA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA" @@ -1740,8 +1723,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0027: Adding a cert as KRA_agen rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ kra-user-add --fullName=\"$userFullname\" $userid" @@ -1767,12 +1750,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0027: Adding a cert as KRA_agen rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_agentUTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user KRA_agentUTCA" @@ -1788,8 +1771,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-KRA-add-0028: Adding a cert as KRA_oper rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1815,12 +1798,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-KRA-add-0028: Adding a cert as KRA_oper rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV" @@ -1835,8 +1818,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-KRA-add-0029: Adding a cert as user not rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$userFullname\" $userid" @@ -1862,12 +1845,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-KRA-add-0029: Adding a cert as user not rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem" - command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem" + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" - command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem" + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" @@ -1890,24 +1873,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0030: Add one cert to a user - rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1923,24 +1906,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0030: Add one cert to a user - rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" \ 0 \ "CRMF Cert is added to the user $user2" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" rlPhaseEnd @@ -1952,8 +1935,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with - rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$username\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -1966,24 +1949,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with - rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_pkcs10_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -1996,30 +1979,30 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with - rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_crmf_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -2032,8 +2015,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0032: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$username\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -2046,24 +2029,24 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0032: Add one cert to a user wi rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" \ 0 \ "PKCS10 Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ @@ -2076,31 +2059,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0032: Add one cert to a user wi rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" \ 0 \ "CRMF Cert is added to the user $userid" - rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -2113,8 +2096,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0033: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$username\" $userid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -2129,11 +2112,11 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0033: Add one cert to a user wi rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem" errmsg="Error: Conflicting options: --input and --serial." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" @@ -2151,11 +2134,11 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0033: Add one cert to a user wi rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem" errmsg="Error: Conflicting options: --input and --serial." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" @@ -2163,8 +2146,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0033: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -2178,11 +2161,11 @@ rlPhaseStartTest "pki_user_cli_kra_user_cert-add-0034: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$username\" $userid" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --serial=-100" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --serial=-100" errmsg="CertNotFoundException: Certificate ID $dectohex not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number" @@ -2190,8 +2173,8 @@ rlPhaseStartTest "pki_user_cli_kra_user_cert-add-0034: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -2204,11 +2187,11 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0035: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$username\" $userid" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --serial" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --serial" errmsg="Error: Missing argument for option: serial" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option" @@ -2216,8 +2199,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0035: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -2230,11 +2213,11 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0036: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$username\" $userid" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --serial='abc'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-add $userid --serial='abc'" errmsg="NumberFormatException: For input string: \"abc\"" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial " @@ -2242,8 +2225,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0036: Add one cert to a user wi rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $userid" rlPhaseEnd @@ -2371,8 +2354,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ @@ -2386,8 +2369,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $usr > $TmpDir/pki-user-del-kra-new-user-00$j.out" \ 0 \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh index ba98ef7d7..71465363b 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh @@ -53,29 +53,12 @@ run_pki-user-cli-user-cert-delete-kra_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +caId=$4 +caHost=$5 +CA_HOST=$(eval echo \$${caHost}) +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) ##### Create temporary directory to save output files##### rlPhaseStartSetup "pki_user_cli_user_cert-del-kra-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -101,8 +84,8 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ROOTCA_agent_user="ROOTCA_agentV" - +ROOTCA_agent_user=${caId}_agentV +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) ##### Tests to delete certs assigned to KRA users #### ##### Delete certs asigned to a user - valid Cert ID and User ID ##### @@ -112,8 +95,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do @@ -149,8 +132,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \ 0 \ @@ -159,8 +142,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \ 0 \ @@ -171,44 +154,44 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \ + user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \ 0 \ "Delete cert assigned to $user1" - rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \ + user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \ 0 \ "Delete cert assigned to $user1" - rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out" + rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $user1" rlPhaseEnd @@ -220,8 +203,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do @@ -257,8 +240,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \ 0 \ @@ -267,8 +250,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \ 0 \ @@ -277,13 +260,13 @@ ROOTCA_agent_user="ROOTCA_agentV" done i=0 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" rlLog "Executing: $command" errmsg="PKIException: Failed to modify user." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" rlLog "Executing: $command" errmsg="PKIException: Failed to modify user." errorcode=255 @@ -295,13 +278,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-004: pki user-cert-del should fail if a non-existing User ID is provided" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: User not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: User not found" errorcode=255 @@ -315,17 +298,17 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user2fullname\" $user2" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: Certificate not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ResourceNotFoundException: Certificate not found" errorcode=255 @@ -336,13 +319,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-006-tier1: pki user-cert-del should fail if User ID is not provided" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="Error: Incorrect number of arguments specified." errorcode=255 @@ -352,7 +335,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Delete certs asigned to a user - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-del-kra-007-tier1: pki user-cert-del should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1" rlLog "Executing: $command" errmsg="Error: Incorrect number of arguments specified." errorcode=255 @@ -363,13 +346,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-008: Delete certs assigned to a user - as KRA_agentV should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -380,13 +363,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-009: Delete certs assigned to a user - as KRA_auditorV should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -402,13 +385,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -425,13 +408,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -445,13 +428,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0012: Delete certs assigned to a user - as KRA_adminR should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -464,13 +447,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-0013: Delete certs assigned to a user - as KRA_agentR should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -483,13 +466,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0014: Delete certs assigned to a user - as role_user_UTCA should fail" i=1 - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -502,13 +485,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-KRA-0015: Delete certs assigned to a user - as KRA_operatorV should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -519,13 +502,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0016: Delete certs assigned to a user - as a user not assigned to any role should fail" i=1 - command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" - command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" rlLog "Executing: $command" errmsg="ForbiddenException: Authorization Error" errorcode=255 @@ -538,13 +521,13 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0017: Delete certs assigned to a user - switch positions of the required options" i=1 - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" rlLog "Executing: $command" errmsg="Error:" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions" - command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" rlLog "Executing: $command" errmsg="Error:" errorcode=255 @@ -587,8 +570,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_0019.out" \ 0 \ @@ -597,8 +580,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_0019.out" \ 0 \ @@ -606,38 +589,38 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \ + user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \ 0 \ "Delete cert assigned to $user2" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \ + user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \ 0 \ "Delete cert assigned to $user2" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out" rlPhaseEnd ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail ##### @@ -646,32 +629,32 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"Admin User\" --password=Secret123 admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-add Administrators admin_user > $TmpDir/pki-user-add-kra-group0019.out" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-kra-group00191.out" @@ -700,15 +683,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020pkcs10.out" \ 0 \ @@ -718,15 +701,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New Test User1\" new_test_user1" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user-pkcs10 \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_del_useradd_0020.out 2>&1" \ 0 \ @@ -738,15 +721,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020pkcs10.out" \ + user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020pkcs10.out" \ 0 \ "Delete cert assigned to admin_user" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020pkcs10.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020pkcs10.out" - command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT -t kra user-add --fullName='New Test User6' new_test_user6" + command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName='New Test User6' new_test_user6" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -755,15 +738,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020crmf.out" \ 0 \ @@ -773,15 +756,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New Test User2\" new_test_user2" rlRun "pki -d $TEMP_NSS_DB/ \ -n admin-user1-crmf \ -c $TEMP_NSS_DB_PASSWD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out 2>&1" \ 0 \ @@ -793,15 +776,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020crmf.out" \ + user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020crmf.out" \ 0 \ "Delete cert assigned to admin_user1" - rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020crmf.out" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020crmf.out" - command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT -t kra user-add --fullName='New Test User6' new_test_user6" + command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $KRA_HOST -p $KRA_PORT -t kra user-add --fullName='New Test User6' new_test_user6" rlLog "Executing: $command" errmsg="PKIException: Unauthorized" errorcode=255 @@ -810,47 +793,47 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-del Administrators admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ group-member-del Administrators admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del admin_user" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del admin_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del new_test_user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del new_test_user2" rlPhaseEnd @@ -864,8 +847,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh index 158b2a547..6cf953e8a 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh @@ -53,30 +53,12 @@ run_pki-user-cli-user-cert-find-kra_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +caId=$4 +caHost=$5 +CA_HOST=$(eval echo \$${caHost}) +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) #####Create temporary dir to save the output files##### rlPhaseStartSetup "pki_user_cli_user_cert-find-kra-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -103,9 +85,9 @@ eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME -ROOTCA_agent_user="ROOTCA_agentV" -admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME) - +ROOTCA_agent_user=${caId}_agentV +admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) ##### Find certs assigned to a KRA user - with userid argument - this user has only a single page of certs #### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user in KRA --userid only - single page of certs" @@ -113,8 +95,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 2 ] ; do @@ -145,15 +127,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \ 0 \ @@ -162,15 +144,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \ 0 \ @@ -180,15 +162,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_002.out" \ 0 \ @@ -198,16 +180,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_002.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_002.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out" let i=$i+1 @@ -221,8 +203,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-003: Find the certs of a user rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user2fullname\" $user2" while [ $i -lt 12 ] ; do @@ -253,15 +235,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-003: Find the certs of a user rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \ 0 \ @@ -270,15 +252,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-003: Find the certs of a user rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \ 0 \ @@ -288,15 +270,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-003: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 > $TmpDir/pki_kra_user_cert_find_003.out" \ 0 \ @@ -305,16 +287,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-003: Find the certs of a user rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_003.out" i=0 while [ $i -lt 10 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_003.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out" let i=$i+1 @@ -325,7 +307,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with userid argument - user id does not exist #### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-004: Find the certs of a user in KRA --userid only - user does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find tuser" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find tuser" errmsg="UserNotFoundException: User tuser not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist" @@ -337,22 +319,22 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-005: Find the certs of a user rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user3fullname\" $user3" rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user3" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user3 > $TmpDir/pki_kra_user_cert_find_005.out" \ 0 \ @@ -366,31 +348,31 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-006: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --size=2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --size=2 > $TmpDir/pki_kra_user_cert_find_006.out" \ 0 \ "Finding certs assigned to $user1" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_006.out" i=0 - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out" rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_kra_user_cert_find_006.out" @@ -402,15 +384,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-007: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --size=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --size=0 > $TmpDir/pki_kra_user_cert_find_007.out" \ 0 \ @@ -422,7 +404,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with --size=-1 #### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-008: Find the certs of a user in KRA --size=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user1 --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user1 --size=-1" errmsg="The value for size shold be greater than or equal to 0" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0" @@ -435,15 +417,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-009: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --size=50" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --size=50 > $TmpDir/pki_kra_user_cert_find_009.out" \ 0 \ @@ -452,16 +434,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-009: Find the certs of a user rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_009.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_009.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out" let i=$i+1 @@ -474,15 +456,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-010: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $ruser1 --start=2" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=2 > $TmpDir/pki_kra_user_cert_find_0010.out" \ 0 \ @@ -490,16 +472,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-010: Find the certs of a user rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0010.out" let newnumcerts=$numcertsuser1-2 i=1 - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out" rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_kra_user_cert_find_0010.out" @@ -511,15 +493,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-011: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=0 > $TmpDir/pki_kra_user_cert_find_0011.out" \ 0 \ @@ -528,16 +510,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-011: Find the certs of a user rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0011.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0011.out" rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out" let i=$i+1 @@ -550,15 +532,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-012: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=0 > $TmpDir/pki_kra_user_cert_find_0012.out" \ 0 \ @@ -566,16 +548,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-012: Find the certs of a user rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0012.out" i=0 while [ $i -lt 10 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0012.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out" let i=$i+1 @@ -586,7 +568,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with --start=-1 #### rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-013: Find the certs of a user in KRA --start=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user1 --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user1 --start=-1" errmsg="The value for size shold be greater than or equal to 0" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0" @@ -599,15 +581,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-014: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=50" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=50 > $TmpDir/pki_kra_user_cert_find_0014.out" \ 0 \ @@ -622,15 +604,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-015: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=0 --size=0" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_kra_user_cert_find_0015.out" \ 0 \ @@ -648,8 +630,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$newuserfullname\" $newuserid" while [ $i -lt 2 ] ; do @@ -680,15 +662,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \ 0 \ @@ -697,15 +679,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \ 0 \ @@ -715,15 +697,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $newuserid" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $newuserid > $TmpDir/pki_kra_user_cert_find_0016.out" \ 0 \ @@ -733,16 +715,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0016.out" i=0 while [ $i -lt 2 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0016.out" rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out" let i=$i+1 @@ -750,8 +732,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $newuserid" rlPhaseEnd @@ -759,7 +741,7 @@ rlPhaseEnd ##### Find certs assigned to a KRA user - with --size=-1 and size=-1 #### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-017: Find the certs of a user in KRA --start=-1 and size=-1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user1 --start=-1 --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user1 --start=-1 --size=-1" errmsg="The value for size and start should be greater than or equal to 0" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0" @@ -773,15 +755,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-018: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=20 --size=20" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_kra_user_cert_find_0018.out" \ 0 \ @@ -789,16 +771,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-018: Find the certs of a user rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0018.out" i=10 while [ $i -lt 12 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0018.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out" let i=$i+1 @@ -812,15 +794,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-019: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=0 --size=20" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_kra_user_cert_find_0019.out" \ 0 \ @@ -828,16 +810,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-019: Find the certs of a user rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0019.out" i=0 while [ $i -lt 10 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0019.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out" let i=$i+1 @@ -851,25 +833,25 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-020: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=22 --size=1" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_kra_user_cert_find_0020.out" \ 0 \ "Finding certs assigned to $user2" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0020.out" i=11 - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0020.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0020.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out" rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_kra_user_cert_find_0020.out" rlPhaseEnd @@ -880,15 +862,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-021: Find the certs of a user rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=22 --size=10" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_kra_user_cert_find_0021.out" \ 0 \ @@ -896,16 +878,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-021: Find the certs of a user rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0021.out" i=11 while [ $i -lt 12 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" - rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0021.out" rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out" let i=$i+1 @@ -938,8 +920,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-022: Find certs assigned to us rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \ 0 \ @@ -948,8 +930,8 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-022: Find certs assigned to us rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \ 0 \ @@ -958,30 +940,30 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-022: Find certs assigned to us rlLog "Executing: pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_0022.out" \ 0 \ "Finding certs assigned to $user1" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0022.out" rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0022.out" @@ -990,7 +972,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a valid agent user #### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-023: Find the certs of a user as KRA_agentV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user" @@ -999,7 +981,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a valid auditor user #### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-024: Find the certs of a user as KRA_auditorV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user" @@ -1011,7 +993,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-025: Find the certs of a user rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert" @@ -1022,7 +1004,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as an admin user with revoked cert ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-026: Find the certs of a user as KRA_adminR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert" @@ -1033,7 +1015,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as an agent user with revoked cert ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-027: Find the certs of a user as KRA_agentR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert" @@ -1047,7 +1029,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-028: Find the certs of a user rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert" @@ -1058,7 +1040,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a user whose KRA cert has not been trusted ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-029: Find the certs of a user as role_user_UTCA should fail" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert" @@ -1067,7 +1049,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a valid operator user ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-030: Find the certs of a user as operatorV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV" @@ -1076,7 +1058,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - authenticating as a user not associated with any role ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-031: Find the certs of a user as a user not associated with any role, should fail" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find $user2" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role" @@ -1086,7 +1068,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - userid is missing ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-032: Find the certs of a user - userid missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail without User ID" @@ -1095,7 +1077,7 @@ rlPhaseEnd #### Find certs assigned to a KRA user - user id missing with --start and --size options ### rlPhaseStartTest "pki_user_cli_user_cert-find-kra-033: Find the certs of a user - userid missing with --start and --size options" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find --start=1 --size=1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-find --start=1 --size=1" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID" @@ -1110,8 +1092,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh index bb2aed736..8864820b2 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh @@ -53,30 +53,13 @@ run_pki-user-cli-user-cert-show-kra_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 - -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +caId=$4 +caHost=$5 +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +CA_HOST=$(eval echo \$${caHost}) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) ##### Create temporary directory to save output files ##### rlPhaseStartSetup "pki_user_cli_user_cert-show-kra-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -102,7 +85,7 @@ eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -ROOTCA_agent_user="ROOTCA_agentV" +ROOTCA_agent_user=${caId}_agentV ##### Tests to find certs assigned to KRA users #### @@ -112,8 +95,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user2fullname\" $user2" @@ -143,15 +126,15 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002.out" \ 0 \ @@ -159,32 +142,32 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002.out" \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002.out" \ 0 \ "Show cert assigned to $user2" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002crmf.out" \ 0 \ @@ -192,25 +175,25 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" \ 0 \ "Show cert assigned to $user2" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" rlPhaseEnd @@ -218,12 +201,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-show-kra-003: pki user-cert-show should fail if an invalid Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" @@ -234,12 +217,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlPhaseStartTest "pki_user_cli_user_cert-show-kra-004: pki user-cert-show should fail if a non-existing User ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="UserNotFoundException: User testuser4 not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="UserNotFoundException: User testuser4 not found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided" @@ -252,17 +235,17 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" $user1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user1" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user1" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch" @@ -271,7 +254,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-006-tier1: pki user-cert-show should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" @@ -284,19 +267,19 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"New User1\" u16" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show u16" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del u16" rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" @@ -308,24 +291,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --encoded option" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')" @@ -342,25 +325,25 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" \ 0 \ "Show cert assigned to $user2 with --encoded option" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')" @@ -378,12 +361,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --encoded option - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-009: pki user-cert-show with --encoded option should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert" @@ -394,7 +377,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --encoded option - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 --encoded" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 --encoded" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided" @@ -407,17 +390,17 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --output option" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" @@ -431,27 +414,27 @@ ROOTCA_agent_user="ROOTCA_agentV" else rlFail "Serial number does not match" fi - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" \ 0 \ "Show cert assigned to $user2 with --output option" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" @@ -465,11 +448,11 @@ ROOTCA_agent_user="ROOTCA_agentV" else rlFail "Serial number does not match" fi - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" rlPhaseEnd @@ -477,12 +460,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert" @@ -493,7 +476,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0013: pki user-cert-show with --output option should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided" @@ -503,12 +486,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - Directory does not exist ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0014: pki user-cert-show with --output option should fail if directory does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out" errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out" errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out (No such file or directory)" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist" @@ -518,12 +501,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --output option - Missing argument for --output option ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0015: pki user-cert-show with --output option should fail if argument for --option is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" errmsg="Error: Missing argument for option: output" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" errmsg="Error: Missing argument for option: output" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing" @@ -536,24 +519,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --pretty option" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" @@ -564,24 +547,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" \ 0 \ "Show cert assigned to $user2 with --pretty option" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" @@ -593,12 +576,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --pretty option - no User ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0017: pki user-cert-show with --pretty option should fail if User ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert" @@ -609,7 +592,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user with --pretty option - no Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 --pretty" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 --pretty" errmsg="Error: Incorrect number of arguments specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided" @@ -624,8 +607,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$newuserfullname\" $newuserid" rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ @@ -655,40 +638,40 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019" + user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" \ + user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --pretty --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" @@ -711,24 +694,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019" + user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" \ + user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" \ 0 \ "Show cert assigned to $user2 with --pretty --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" @@ -751,8 +734,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $newuserid" rlPhaseEnd @@ -760,12 +743,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_agentV ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0020: Show certs assigned to a user - as KRA_agentV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert" @@ -774,12 +757,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_auditorV ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0021: Show certs assigned to a user - as KRA_auditorV should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert" @@ -791,12 +774,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert" @@ -811,12 +794,12 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert" @@ -828,12 +811,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_adminR ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0024: Show certs assigned to a user - as KRA_adminR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert" @@ -844,12 +827,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA_agentR ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0025: Show certs assigned to a user - as KRA_agentR should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert" @@ -860,12 +843,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as role_user_UTCA ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0026: Show certs assigned to a user - as role_user_UTCA should fail" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert" @@ -874,12 +857,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as KRA operator user ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0027: Show certs assigned to a user - as KRA operator user should fail" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user" @@ -891,24 +874,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028" + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" \ 0 \ "Show cert assigned to $user2 with --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" @@ -926,24 +909,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028" + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" \ 0 \ "Show cert assigned to $user2 with --encoded and --output options" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" @@ -963,12 +946,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - as a user not associated with any role##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0029: Show certs assigned to a user - as a user not associated with any role, should fail" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role" - command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role" @@ -978,7 +961,7 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - switch position of the required options##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0030: Show certs assigned to a user - switch position of the required options" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" errmsg="User Not Found" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions" @@ -988,12 +971,12 @@ ROOTCA_agent_user="ROOTCA_agentV" ##### Show certs asigned to a user - incomplete Cert ID ##### rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0031: pki user-cert-show should fail if an incomplete Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" errmsg="ResourceNotFoundException: No certificates found for $user2" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided" @@ -1029,8 +1012,8 @@ ROOTCA_agent_user="ROOTCA_agentV" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_0032.out" \ 0 \ @@ -1038,31 +1021,31 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" \ + user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" \ 0 \ "Show cert assigned to $user1" - rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_crmf_0032.out" \ 0 \ @@ -1070,24 +1053,24 @@ ROOTCA_agent_user="ROOTCA_agentV" rlLog "Executing pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" rlRun "pki -d $CERTDB_DIR/ \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ - user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" \ + user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" \ 0 \ "Show cert assigned to $user1" - rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" - rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" - rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" rlPhaseEnd @@ -1101,8 +1084,8 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh index fd4c4f655..d608d2516 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh @@ -52,30 +52,11 @@ run_pki-user-cli-user-mod-kra_tests(){ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 +caId=$4 -if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) -elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi -else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) -fi - -CA_HOST=$(eval echo \$${MYROLE}) -CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) - +KRA_HOST=$(eval echo \$${MYROLE}) +KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) #####Create temporary dir to save the output files ##### rlPhaseStartSetup "pki_user_cli_user_mod_kra-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -116,22 +97,22 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" $user1" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$user1_mod_fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-002.out" \ 0 \ @@ -147,15 +128,15 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-kra-user-mod-003.out" \ 0 \ @@ -177,22 +158,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-004:--email with characters and numb rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u1" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-kra-user-mod-004.out" \ 0 \ @@ -206,27 +187,27 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-004:--email with characters and numb #### Modify a user's email with maximum length and symbols #### rlPhaseStartTest "pki_user_cli_user_mod_kra-005:--email with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` - + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u2" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=\"$randsym\" u2" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=\"$randsym\" u2 > $TmpDir/pki-kra-user-mod-005.out" \ 0 \ @@ -249,22 +230,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-004:--email with characters and numb rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u3" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email # u3" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=# u3 > $TmpDir/pki-kra-user-mod-006.out" \ 0 \ @@ -281,22 +262,22 @@ rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u4" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email * u4" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=* u4 > $TmpDir/pki-kra-user-mod-007.out" \ 0 \ @@ -313,22 +294,22 @@ rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u5" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email $ u5" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=$ u5 > $TmpDir/pki-kra-user-mod-008.out" \ 0 \ @@ -345,22 +326,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-009:--email as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u6" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email 0 u6" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=0 u6 > $TmpDir/pki-kra-user-mod-009.out " \ 0 \ @@ -377,22 +358,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-009:--email as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u7" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-kra-user-mod-010.out" \ 0 \ @@ -406,26 +387,27 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-009:--email as number 0 " #### Modify a user's state with maximum length and symbols #### rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u8" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=\"$randsym\" u8" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=\"$randsym\" u8 > $TmpDir/pki-kra-user-mod-011.out" \ 0 \ @@ -448,22 +430,22 @@ rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symb rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u9" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state # u9" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=# u9 > $TmpDir/pki-kra-user-mod-012.out" \ 0 \ @@ -480,22 +462,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-013:--state with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u10" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state * u10" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=* u10 > $TmpDir/pki-kra-user-mod-013.out" \ 0 \ @@ -512,22 +494,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-013:--state with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u11" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state $ u11" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=$ u11 > $TmpDir/pki-kra-user-mod-014.out" \ 0 \ @@ -544,22 +526,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-015:--state as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u12" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state 0 u12" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --state=0 u12 > $TmpDir/pki-kra-user-mod-015.out " \ 0 \ @@ -576,22 +558,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-015:--state as number 0 " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u13" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-kra-user-mod-016.out" \ 0 \ @@ -605,15 +587,16 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-015:--state as number 0 " #### Modify a user's phone with maximum length and symbols #### rlPhaseStartTest "pki_user_cli_user_mod_kra-017:--phone with maximum length and symbols " - randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1` + randsym_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test usr1" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone='$randsym' usr1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone='$randsym' usr1" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it" @@ -622,19 +605,21 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-017:--phone with maximum length and #### Modify a user's phone with maximum length and numbers only #### rlPhaseStartTest "pki_user_cli_user_mod_kra-018:--phone with maximum length and numbers only " - randsym=`cat /dev/urandom | tr -dc '0-9' | fold -w 1024 | head -n 1` + randhex=$(openssl rand -hex 1024) + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --phone=\"$randsym\" usr1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-kra-user-mod-018.out"\ 0 \ @@ -651,11 +636,11 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-018:--phone with maximum length and rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test usr2" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone=\"#\" usr2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone=\"#\" usr2" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" @@ -667,11 +652,11 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-020:--phone with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test usr3" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone=\"*\" usr3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone=\"*\" usr3" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" @@ -683,11 +668,11 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-020:--phone with * character " rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test usr4" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone $ usr4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone $ usr4" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" @@ -699,22 +684,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-022:--phone as negative number -1230 rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u14" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --phone -1230 u14" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --phone=-1230 u14 > $TmpDir/pki-kra-user-mod-022.out " \ 0 \ @@ -729,7 +714,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-022:--phone as negative number -1230 #### Modify a user - missing required option user id #### rlPhaseStartTest "pki_user_cli_user_mod_kra-023-tier1: Modify a user -- missing required option user id" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname'" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname'" errmsg="Error: No User ID specified." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id" @@ -745,15 +730,15 @@ rlPhaseStartTest "pki_user_cli_user_mod-kra-024-tier1: Modify a user -- all opt rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=test u15" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$user1fullname\" \ --email $email \ @@ -765,8 +750,8 @@ rlPhaseStartTest "pki_user_cli_user_mod-kra-024-tier1: Modify a user -- all opt rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$user1fullname\" \ --email $email \ @@ -775,7 +760,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-kra-024-tier1: Modify a user -- all opt --state $state \ u15 > $TmpDir/pki-kra-user-mod-025.out" \ 0 \ - "Modify user u15 to CA -- all options provided" + "Modify user u15 to KRA -- all options provided" rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-kra-user-mod-025.out" rlAssertGrep "User ID: u15" "$TmpDir/pki-kra-user-mod-025.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-025.out" @@ -788,7 +773,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-kra-024-tier1: Modify a user -- all opt rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " userpw="pass" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod $user1 --fullName='$user1fullname' --password=$userpw" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod $user1 --fullName='$user1fullname' --password=$userpw" errmsg="PKIException: The password must be at least 8 characters" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password" @@ -796,7 +781,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " ##### Tests to modify users using revoked cert##### rlPhaseStartTest "pki_user_cli_user_mod_kra-026: Should not be able to modify user using a revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1_mod_fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1_mod_fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" @@ -806,14 +791,14 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " ##### Tests to modify users using an agent user##### rlPhaseStartTest "pki_user_cli_user_mod_kra-028: Should not be able to modify user using a valid agent user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod_kra-029: Should not be able to modify user using an agent user with a revoked cert" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" @@ -826,7 +811,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert" @@ -838,7 +823,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert" @@ -848,7 +833,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " ##### Tests to modify users using audit users##### rlPhaseStartTest "pki_user_cli_user_mod_kra-032: Should not be able to modify user using an auditor user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert" @@ -856,7 +841,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " ##### Tests to modify users using operator user### rlPhaseStartTest "pki_user_cli_user_mod_kra-033: Should not be able to modify user using an operator user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="ForbiddenException: Authorization Error" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as KRA_operatorV" @@ -864,14 +849,14 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password " ##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted KRA users##### rlPhaseStartTest "pki_user_cli_user_mod_kra-034: Should not be able to modify user using a cert created from a untrusted KRA role_user_UTCA" - command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' $user1" errmsg="PKIException: Unauthorized" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does not exist" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' u17" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName='$user1fullname' u17" errmsg="ResourceNotFoundException: No such object." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user" @@ -883,8 +868,8 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$user1fullname\" \ --email $email \ @@ -892,7 +877,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does --phone $phone \ --state $state \ u16" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName=\"\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --fullName=\"\" u16" errmsg="BadRequestException: Invalid DN syntax." errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty" @@ -905,8 +890,8 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-show u16 > $TmpDir/pki-kra-user-mod-038_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-038_1.out" @@ -918,15 +903,15 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=\"\" u16" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=\"\" u16 > $TmpDir/pki-kra-user-mod-038_2.out" \ 0 \ @@ -944,8 +929,8 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-show u16 > $TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-039_1.out" @@ -953,7 +938,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-039_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-039_1.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone=\"\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone=\"\" u16" rlRun "$command" 0 "Successfully updated phone to empty value" rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" rlPhaseEnd @@ -964,15 +949,15 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-show u16 > $TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-040_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-040_1.out" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --state=\"\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --state=\"\" u16" rlRun "$command" 0 "Successfully updated phone to empty value" rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" rlPhaseEnd @@ -984,8 +969,8 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-show $user1 > $TmpDir/pki-kra-user-mod-041_1.out" rlAssertGrep "User \"$user1\"" "$TmpDir/pki-kra-user-mod-041_1.out" @@ -994,15 +979,15 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$user1_mod_fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-041_2.out" \ 0 \ @@ -1018,8 +1003,8 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-show u16 > $TmpDir/pki-kra-user-mod-042_1.out" rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-042_1.out" @@ -1029,15 +1014,15 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=\"$email\" u16" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --email=\"$email\" u16 > $TmpDir/pki-kra-user-mod-042_2.out" \ 0 \ @@ -1054,22 +1039,22 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-042: Modify a user's fullname having rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-add --fullName=\"$i18nuserfullname\" $i18nuser" rlLog "Executing: pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-kra-user-mod-043.out" \ 0 \ @@ -1082,7 +1067,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-042: Modify a user's fullname having ##### Tests to modify KRA users having i18n chars in email #### rlPhaseStartTest "pki_user_cli_user_mod_kra-043: Modify a user's email having i18n chars in KRA using an admin user" - command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --email=$i18nuser_mod_email $i18nuser" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --email=$i18nuser_mod_email $i18nuser" errmsg="PKIException: LDAP error (21): error result" errorcode=255 rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail" @@ -1097,8 +1082,8 @@ rlPhaseStartTest "pki_user_cli_user_kra_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \ 0 \ @@ -1112,8 +1097,8 @@ rlPhaseStartTest "pki_user_cli_user_kra_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del usr$i > $TmpDir/pki-usr-del-kra-usr-00$i.out" \ 0 \ @@ -1128,8 +1113,8 @@ rlPhaseStartTest "pki_user_cli_user_kra_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \ 0 \ @@ -1140,8 +1125,8 @@ rlPhaseStartTest "pki_user_cli_user_kra_cleanup: Deleting role users" rlRun "pki -d $CERTDB_DIR \ -n $(eval echo \$${subsystemId}_adminV_user) \ -c $CERTDB_DIR_PASSWORD \ - -h $CA_HOST \ - -p $CA_PORT \ + -h $KRA_HOST \ + -p $KRA_PORT \ -t kra \ user-del $i18nuser > $TmpDir/pki-user-del-kra-i18nuser-001.out" \ 0 \ diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index 80feabed8..10c62250e 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -150,6 +150,24 @@ . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh . ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-add.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-mod.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-find.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-show.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-del.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-add.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-show.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-find.sh +. ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-del.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh +. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli-show.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli-enable.sh |