diff options
author | Roshni Pattath <rpattath@redhat.com> | 2014-12-05 12:19:51 -0500 |
---|---|---|
committer | Roshni Pattath <rpattath@redhat.com> | 2014-12-05 12:20:50 -0500 |
commit | 7ed1c2e78f7531821c7e5a998b97ee1b7fb6b5a8 (patch) | |
tree | 19ad7ec8f8e9c62059efdc9fbf42c2c3895e96f0 /tests/dogtag | |
parent | 335046c3a66f1eaad159ab60b6731a81ad67946a (diff) | |
download | pki-7ed1c2e78f7531821c7e5a998b97ee1b7fb6b5a8.tar.gz pki-7ed1c2e78f7531821c7e5a998b97ee1b7fb6b5a8.tar.xz pki-7ed1c2e78f7531821c7e5a998b97ee1b7fb6b5a8.zip |
Some updates to the script for certutil
Diffstat (limited to 'tests/dogtag')
-rwxr-xr-x | tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh | 534 |
1 files changed, 530 insertions, 4 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh index 4d13f18d7..b2e508171 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh @@ -58,7 +58,6 @@ CA_HOST=$5 KRA_HOST=$(eval echo \$${MYROLE}) KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) - ##### Create temporary directory to save output files##### rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-del-startup: Create temporary directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" @@ -86,6 +85,534 @@ eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) ROOTCA_agent_user=${caId}_agentV + ##### pki_kra_user_cli_kra_user_cert_delete-configtest #### + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-configtest-001: pki kra-user-cert-del configuration test" + rlRun "pki kra-user-cert-del --help > $TmpDir/pki_kra_user_cert_del_cfg.out 2>&1" \ + 0 \ + "User cert delete configuration" + rlAssertGrep "usage: kra-user-cert-del <User ID> <Cert ID>" "$TmpDir/pki_kra_user_cert_del_cfg.out" + rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/pki_kra_user_cert_del_cfg.out" + rlLog "FAIL:https://fedorahosted.org/pki/ticket/843" + rlPhaseEnd + + ##### Tests to delete certs assigned to KRA users #### + + ##### Delete certs asigned to a user - valid Cert ID and User ID ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-002-tier1: Delete cert assigned to a user - valid UserID and CertID" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-del $user1" + rlPhaseEnd + + ##### Delete certs asigned to a user - invalid Cert ID ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-003: pki kra-user-cert-del should fail if an invalid Cert ID is provided" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $KRA_HOST -p $KRA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Invalid Cert ID is provided" + + rlPhaseEnd + + ##### Delete certs asigned to a user - User does not exist ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-004: pki kra-user-cert-del should fail if a non-existing User ID is provided" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: User not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: User not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if a non-existing User ID is provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - User ID and Cert ID mismatch ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-005: pki kra-user-cert-del should fail is there is a mismatch of User ID and Cert ID" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-add --fullName=\"$user2fullname\" $user2" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: Certificate not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if there is a Cert ID and User ID mismatch" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: Certificate not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if there is a Cert ID and User ID mismatch" + rlPhaseEnd + + ##### Delete certs asigned to a user - no User ID ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-006-tier1: pki kra-user-cert-del should fail if User ID is not provided" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if User ID is not provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if User ID is not provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - no Cert ID ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-007-tier1: pki kra-user-cert-del should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Cert ID is not provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_agentV ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-008: Delete certs assigned to a user - as KRA_agentV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_auditorV ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-009: Delete certs assigned to a user - as KRA_auditorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid auditor cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid auditor cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_adminE ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0010: Delete certs assigned to a user - as KRA_adminE" + i=1 + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired admin cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_agentE ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0011: Delete certs assigned to a user - as KRA_agentE" + i=1 + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_adminR ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0012: Delete certs assigned to a user - as KRA_adminR should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked admin cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_agentR ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0013: Delete certs assigned to a user - as KRA_agentR should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Delete certs asigned to a user - as role_user_UTCA ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0014: Delete certs assigned to a user - as role_user_UTCA should fail" + i=1 + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an untrusted cert" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an untrusted cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as KRA_operatorV ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0015: Delete certs assigned to a user - as KRA_operatorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid operator cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid operator cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as a user not assigned to any role ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0016: Delete certs assigned to a user - as a user not assigned to any role should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - switch positions of the required options ##### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0017: Delete certs assigned to a user - switch positions of the required options" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if the required options are switched positions" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if the required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/969" + rlPhaseEnd + + ### Tests to delete certs assigned to KRA users - i18n characters #### + + rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0019: Delete certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_0019.out" \ + 0 \ + "Cert is added to the user $user2" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_0019.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $KRA_HOST \ + -p $KRA_PORT \ + kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out" + rlPhaseEnd ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail ##### @@ -118,7 +645,6 @@ ROOTCA_agent_user=${caId}_agentV -p $KRA_PORT \ kra-group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-kra-group00191.out" - rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ @@ -302,7 +828,7 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users" let j=$j+1 done #Delete temporary directory - #rlRun "popd" - #rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd } |