authorRoshni Pattath <rpattath@redhat.com>2014-11-06 12:35:13 -0500
committerRoshni Pattath <rpattath@redhat.com>2014-11-06 12:37:23 -0500
commit56e7c952140f39004903b0bd70beb2a67e8b3034 (patch)
tree31a312e9f48d36d3f610a00857845471930625db /tests
parent546573f8891716a67325d3c5c7f84ef53ca1cc4f (diff)
KRA user-mod and user-cert cli commands and some fixes to ca group
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dogtag/Makefile13
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh2
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh2
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh2
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh74
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh2
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh2
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh2300
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh850
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh1084
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh1081
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh97
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh1094
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh76
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh2404
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh880
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh1127
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh1118
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh1156
-rwxr-xr-xtests/dogtag/runtest.sh218
20 files changed, 13557 insertions, 25 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 6c5db095b..070ca7a4a 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -99,6 +99,12 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
chmod a+x ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
chmod a+x ./acceptance/cli-tests/pki-tests-setup/cleanup-role-users.sh
+ #user KRA
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
#CA user
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-add.sh
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-show.sh
@@ -113,6 +119,13 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-find.sh
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh
+ #KRA user
+ chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh
#cert CA
chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert.sh
chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-show.sh
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh
index 196894cb4..b03408bdc 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh
@@ -276,7 +276,7 @@ local cert_info="$TmpDir/cert_info"
rlPhaseEnd
rlPhaseStartTest "pki_ca_group_cli_ca_group_find-014: Find groups, --start with more than maximum possible input"
- maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1`
+ maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 12 | head -n 1`
command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT ca-group-find --start=$maximum_check"
errmsg="NumberFormatException: For input string: \"$maximum_check\""
errorcode=255
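Review bot: A value drawn this way can still begin with zeros, so `maximum_check` is not guaranteed to exceed the maximum that the phase title refers to. A 12-digit string such as `000000000123` would presumably parse cleanly, and the expected `NumberFormatException` would then not appear, so the test can fail intermittently. Widening `fold -w` from 11 to 12 lowers the odds but does not remove them. A fixed out-of-range literal, or forcing a non-zero leading digit with `maximum_check="9$(tr -dc '0-9' < /dev/urandom | head -c 11)"`, makes the case deterministic. The same line is changed in pki-group-cli-group-find-ca.sh and has the same issue.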
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh
index bf824f790..1f0349256 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh
@@ -465,7 +465,7 @@ local cert_info="$TmpDir/cert_info"
ca-user-cert-add testuser1 --input $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
0 \
"Cert is added to the user testuser1"
- command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD ca-user-add --fullName=test_user u39"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT ca-user-add --fullName=test_user u39"
errmsg="ForbiddenException: Authorization Error"
errorcode=255
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "ca-user-add operation should fail when authenticating using a user cert"
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh
index 58d67dba0..96e6b83f4 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-delete.sh
@@ -542,6 +542,8 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
errmsg="Error:"
errorcode=255
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ca-user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+
rlPhaseEnd
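Review bot: The added `rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"` runs unconditionally and only writes a log line, so the journal shows "FAIL" for this ticket even when the preceding `verifyErrorMsg` assertion passes. The phase result is not affected either way. If the intent is to record a known product issue, a neutral wording such as `rlLog "Known issue: https://fedorahosted.org/pki/ticket/969"` avoids confusion during log triage. The expected message `errmsg="Error:"` in the context lines is also loose enough to match nearly any failure, so the ticket's specific behaviour is not pinned by this check. The enclosing phase starts outside the hunk.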
### Tests to delete certs assigned to CA users - i18n characters ####
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh
index 220f423cb..d706c2099 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-cert-show.sh
@@ -323,7 +323,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlLog "$(cat $TmpDir/pki_ca_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
rlRun "openssl x509 -in $TmpDir/pki_ca_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl_pkcs10"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlLog "Executing pki -d $CERTDB_DIR/ \
-n $(eval echo \$${subsystemId}_adminV_user) \
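Review bot: The new comparison `[ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ]` is unquoted, so if both sides expand to nothing the test collapses to `[ = ]`, which is true, and the check reports `rlPass`. If only one side is empty, the shell prints a "unary operator expected" error instead of doing a clean comparison. Quote both operands and require a non-empty value: `if [ -n "$dec_openssl_out_serial" ] && [ "$dec_openssl_out_serial" = "$valid_decimal_pkcs10_serialNumber" ] ; then`. The same block is repeated in the other serial-check hunks of this file (pkcs10 and crmf variants) with the same weakness; a small helper taking the openssl output file and the expected decimal serial would keep them consistent. The enclosing phase begins outside the hunk.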
@@ -349,7 +356,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlLog "$(cat $TmpDir/pki_ca_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
rlRun "openssl x509 -in $TmpDir/pki_ca_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlPhaseEnd
##### Show certs asigned to a user with --encoded option - no User ID #####
@@ -398,7 +412,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ca_user_cert_show_usercertshow_pkcs10_output.out"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ca_user_cert_show_usercertshow_pkcs10_output.out"
rlRun "openssl x509 -in $TmpDir/pki_ca_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl_pkcs10"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ca_user_cert_show_usershowcert_0011pkcs10.out"
rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ca_user_cert_show_usershowcert_0011pkcs10.out"
rlAssertGrep "Version: 2" "$TmpDir/pki_ca_user_cert_show_usershowcert_0011pkcs10.out"
@@ -423,7 +444,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ca_user_cert_show_usercertshow_crmf_output.out"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ca_user_cert_show_usercertshow_crmf_output.out"
rlRun "openssl x509 -in $TmpDir/pki_ca_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ca_user_cert_show_usershowcert_0011crmf.out"
rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ca_user_cert_show_usershowcert_0011crmf.out"
rlAssertGrep "Version: 2" "$TmpDir/pki_ca_user_cert_show_usershowcert_0011crmf.out"
@@ -618,7 +646,7 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
-c $CERTDB_DIR_PASSWORD \
-h $CA_HOST \
-p $CA_PORT \
- ca-user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+ ca-user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new > /tmp/newtest1 2>&1"
rlLog "Executing pki -d $CERTDB_DIR/ \
-n $(eval echo \$${subsystemId}_adminV_user) \
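Review bot: The redirect added to the `ca-user-cert-add` command writes to the fixed path `/tmp/newtest1`, while the other output files visible in this diff are kept under `$TmpDir`. A predictable name in a world-writable directory can be pre-created or symlinked by another local user, which matters if the suite runs with elevated privileges. The file would also not be removed along with the temporary directory. Nothing visible in the hunk reads the file back, so it looks like a debugging leftover. Prefer a path under the per-run directory, `> $TmpDir/<output-file-name>.out 2>&1` (placeholder name). The statement this line closes starts outside the hunk.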
@@ -650,7 +678,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ca_user_cert_show_pkcs10_output0019"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ca_user_cert_show_pkcs10_output0019"
rlRun "openssl x509 -in $TmpDir/ca_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10_new" "$TmpDir/temp_out-openssl_pkcs10"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlLog "Executing pki -d $CERTDB_DIR/ \
-n $(eval echo \$${subsystemId}_adminV_user) \
@@ -682,7 +717,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ca_user_cert_show_crmf_output0019"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ca_user_cert_show_crmf_output0019"
rlRun "openssl x509 -in $TmpDir/ca_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF_new" "$TmpDir/temp_out-openssl_crmf"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlRun "pki -d $CERTDB_DIR \
-n $(eval echo \$${subsystemId}_adminV_user) \
@@ -844,7 +886,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ca_user_cert_show_pkcs10_output0028"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ca_user_cert_show_pkcs10_output0028"
rlRun "openssl x509 -in $TmpDir/ca_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl_pkcs10"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlLog "Executing pki -d $CERTDB_DIR/ \
-n $(eval echo \$${subsystemId}_adminV_user) \
@@ -871,7 +920,14 @@ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ca_user_cert_show_crmf_output0028"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ca_user_cert_show_crmf_output0028"
rlRun "openssl x509 -in $TmpDir/ca_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlPhaseEnd
##### Show certs asigned to a user - as a user not associated with any role#####
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
index c55e054f6..69827a114 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
@@ -276,7 +276,7 @@ local cert_info="$TmpDir/cert_info"
rlPhaseEnd
rlPhaseStartTest "pki_group_cli_group_find-ca-014: Find groups, --start with more than maximum possible input"
- maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 11 | head -n 1`
+ maximum_check=`cat /dev/urandom | tr -dc '0-9' | fold -w 12 | head -n 1`
command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT group-find --start=$maximum_check"
errmsg="NumberFormatException: For input string: \"$maximum_check\""
errorcode=255
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
index b44b9cd91..7685b4952 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
@@ -497,7 +497,7 @@ local cert_info="$TmpDir/cert_info"
user-cert-add testuser1 --input $TmpDir/pki_ca_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
0 \
"Cert is added to the user testuser1"
- command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD ca-user-add --fullName=test_user u39"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT ca-user-add --fullName=test_user u39"
errmsg="ForbiddenException: Authorization Error"
errorcode=255
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "ca-user-add operation should fail when authenticating using a user cert"
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh
new file mode 100755
index 000000000..f9a1f7ef1
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh
@@ -0,0 +1,2300 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI kra-user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-user-cert-add Finding the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-cert-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-kra-user-cli-user-cert-add_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ ##### Create a temporary directory to save output files and initializing host/port variables #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-add-kra-startup: Create temporary directory and initializing host/port variables"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME
+ROOTCA_agent_user="ROOTCA_agentV"
+##### pki_user_cli_user_cert_add_kra-configtest ####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-configtest-001: pki kra-user-cert-add configuration test"
+ rlRun "pki kra-user-cert-add --help > $TmpDir/pki_kra_user_cert_add_cfg.out 2>&1" \
+ 0 \
+ "User cert add configuration"
+ rlAssertGrep "kra-user-cert-add <User ID> \[OPTIONS...\]" "$TmpDir/pki_kra_user_cert_add_cfg.out"
+ rlAssertGrep "--input <file> Input file" "$TmpDir/pki_kra_user_cert_add_cfg.out"
+ rlAssertGrep "--serial <serial number> Serial number of certificate in CA" "$TmpDir/pki_kra_user_cert_add_cfg.out"
+ rlAssertGrep "--help Show help options" "$TmpDir/pki_kra_user_cert_add_cfg.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/843"
+ rlPhaseEnd
+
+ ##### Tests to add certs to KRA users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-002-tier1: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_002crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ ##### Add expired cert to a user #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-004: Adding expired cert to a user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user2fullname\" $user2"
+ local validityperiod="1 day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+rlPhaseEnd
+
+#### Add a revoked cert to a user ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-005: Add revoked cert to a user should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_005crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_005crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+
+rlPhaseEnd
+
+ ##### Add one cert to a user - User ID missing #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-006-tier1: Add one cert to a user should fail when USER ID is missing"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-007-tier1: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_009crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_kra__user_cli_kra_user_cert-add-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'ClonedSubsystems' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'"
+ local userid="ClonedSubsystems_user"
+ local userFullname="ClonedSubsystems User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Trusted Managers' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0018: Add cert to a user of type 'Trusted Managers'"
+ local userid="Trusted_Managers_user"
+ local userFullname="Trusted Managers User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ _kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+##### Usability Tests #####
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-add Administrators admin_user > $TmpDir/pki-kra-user-add-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-add Administrators admin_user1 > $TmpDir/pki-kra-user-add-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_add_useradd_0019.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_kra_user_cert_add_useradd_0019.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_kra_user_cert_add_useradd_0019.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_kra_user_cert_add_useradd_0019.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del new_test_user2"
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid agent user #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-CA-0020: Adding a cert as a KRA agent user should fail"
+ local userid="new_user1"
+ local userFullname="New User1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid KRA agent user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid KRA agent user"
+
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid auditor user #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0021: Adding a cert as valid KRA auditor user should fail"
+ local userid="new_user2"
+ local userFullname="New User2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a KRA auditor user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as "
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as an admin user with expired cert #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0022: Adding a cert as CA_adminE should fail"
+ local userid="new_user3"
+ local userFullname="New User3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as KRA_agentUTCA #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0027: Adding a cert as KRA_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_agentUTCA"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user KRA_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an KRA_operatorV #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0028: Adding a cert as KRA_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+#### Add one cert to a user with both --serial and --input options ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0033: Add one cert to a user with --serial and --input options should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0035: Add one cert to a user with missing argument for --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $userid"
+rlPhaseEnd
+#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification"
+# local userid="new_adminV"
+# local username="NEW CA Admin User"
+# cat /etc/redhat-release | grep "Fedora"
+# if [ $? -eq 0 ] ; then
+# FLAVOR="Fedora"
+# rlLog "Automation is running against Fedora"
+# else
+# FLAVOR="RHEL"
+# rlLog "Automation is running against RHEL"
+# fi
+# rhcs_install_set_ldap_vars
+# rlRun "mkdir $NEWCA_CLIENT_DIR"
+# rlRun "mkdir $NEWCA_CERTDB_DIR"
+# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME"
+# rlRun "sleep 10"
+# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG
+# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG
+# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS"
+# rlRun "sleep 10"
+# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+#
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \
+# 0 \
+# "Add user $userid to Administrators group"
+#
+# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem"
+
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \
+# 0 \
+# "Added cert to user $userid"
+
+# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+
+# rlRun "systemctl restart pki-tomcatd@pki-new.service"
+# rlRun "sleep 10"
+# rlRun "systemctl restart pki-tomcatd@pki-master.service"
+# rlRun "sleep 10"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n $userid \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+
+# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\""
+
+# rlRun "pkidestroy -s CA -i pki-new"
+# rlRun "sleep 10"
+# rlRun "remove-ds.pl -f -i slapd-pki-newca"
+# rlRun "sleep 10"
+# rlRun "rm -rf $NEWCA_CLIENT_DIR"
+# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
+
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh
new file mode 100755
index 000000000..96f42d0d2
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh
@@ -0,0 +1,850 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI kra-user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-kra-user-cert-delete Delete the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-cert-delete.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-kra-user-cli-kra-user-cert-delete_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ ##### Create temporary directory to save output files#####
+ rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-del-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user="ROOTCA_agentV"
+ ##### pki_kra_user_cli_kra_user_cert_delete-configtest ####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-configtest-001: pki kra-user-cert-del configuration test"
+ rlRun "pki kra-user-cert-del --help > $TmpDir/pki_kra_user_cert_del_cfg.out 2>&1" \
+ 0 \
+ "User cert delete configuration"
+ rlAssertGrep "usage: kra-user-cert-del <User ID> <Cert ID>" "$TmpDir/pki_kra_user_cert_del_cfg.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/pki_kra_user_cert_del_cfg.out"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/843"
+ rlPhaseEnd
+
+ ##### Tests to delete certs assigned to KRA users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-002-tier1: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-003: pki kra-user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-004: pki kra-user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-005: pki kra-user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-006-tier1: pki kra-user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-007-tier1: pki kra-user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_agentV #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-008: Delete certs assigned to a user - as KRA_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_auditorV #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-009: Delete certs assigned to a user - as KRA_auditorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid auditor cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_adminE #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0010: Delete certs assigned to a user - as KRA_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_agentE #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0011: Delete certs assigned to a user - as KRA_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_adminR #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0012: Delete certs assigned to a user - as KRA_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_agentR #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0013: Delete certs assigned to a user - as KRA_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_operatorV #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0015: Delete certs assigned to a user - as KRA_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to KRA users - i18n characters ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-del-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-add Administrators admin_user > $TmpDir/pki-user-add-kra-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-kra-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_kra_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_kra_user_cert_del_useradd_0020.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_kra_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT kra-user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT kra-user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh
new file mode 100755
index 000000000..f6c59d777
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh
@@ -0,0 +1,1084 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI kra-user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-kra-user-cert-find Finding the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-kra-user-cli-kra-user-cert-find_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ #####Create temporary dir to save the output files#####
+ rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-find-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user="ROOTCA_agentV"
+admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)
+##### pki_user_cli_user_cert_find_ca-configtest ####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-configtest-001: pki kra-user-cert-find configuration test"
+ rlRun "pki kra-user-cert-find --help > $TmpDir/pki_kra_user_cert_find_cfg.out 2>&1" \
+ 0 \
+ "User cert find configuration"
+ rlAssertGrep "usage: kra-user-cert-find <User ID> \[OPTIONS...\]" "$TmpDir/pki_kra_user_cert_find_cfg.out"
+ rlAssertGrep "--size <size> Page size" "$TmpDir/pki_kra_user_cert_find_cfg.out"
+ rlAssertGrep "--start <start> Page start" "$TmpDir/pki_kra_user_cert_find_cfg.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/pki_kra_user_cert_find_cfg.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/843"
+ rlPhaseEnd
+
+ ##### Find certs assigned to a CA user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-002: Find the certs of a user in KRA --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-003: Find the certs of a user in KRA --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 > $TmpDir/pki_kra_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_kra_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-004: Find the certs of a user in KRA --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-005: Find the certs of a user in KRA --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user3 > $TmpDir/pki_kra_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_kra_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-006: Find the certs of a user in KRA --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --size=2 > $TmpDir/pki_kra_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_kra_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=0 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-007: Find the certs of a user in KRA --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --size=0 > $TmpDir/pki_kra_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_kra_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=-1 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-008: Find the certs of a user in KRA --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-009: Find the certs of a user in KRA --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --size=50 > $TmpDir/pki_kra_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0010: Find the certs of a user in KRA --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=2 > $TmpDir/pki_kra_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_kra_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-011: Find the certs of a user in KRA --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=0 > $TmpDir/pki_kra_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-012: Find the certs of a user in KRA --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=0 > $TmpDir/pki_kra_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_kra_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=-1 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0013: Find the certs of a user in KRA --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=50 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0014: Find the certs of a user in KRA --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=50 > $TmpDir/pki_kra_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_kra_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0015: Find the certs of a user in KRA --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_kra_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_kra_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0016: Find the certs of a user in KRA --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $newuserid > $TmpDir/pki_kra_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-0017: Find the certs of a user in KRA --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-018: Find the certs of a user in KRA --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_kra_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_kra_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-019: Find the certs of a user in KRA --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_kra_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_kra_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-020: Find the certs of a user in KRA --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_kra_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_kra_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-021: Find the certs of a user in KRA --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_kra_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to KRA users - i18n characters ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_kra_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_kra_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-023: Find the certs of a user as KRA_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a valid auditor user ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-024: Find the certs of a user as KRA_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as a valid auditor user"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-025: Find the certs of a user as KRA_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-026: Find the certs of a user as KRA_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-027: Find the certs of a user as KRA_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-028: Find the certs of a user as KRA_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a user whose KRA cert has not been trusted ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-031: Find the certs of a user as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - userid is missing ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh
new file mode 100755
index 000000000..851840d77
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh
@@ -0,0 +1,1081 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI kra-user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-kra-user-cert-show Show the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-cert-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-kra-user-cli-kra-user-cert-show_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_kra_user_cli_kra_user_cert-show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user="ROOTCA_agentV"
+##### pki_kra_user_cli_kra_user_cert_show-configtest ####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-configtest-001: pki kra-user-cert-show configuration test"
+ rlRun "pki kra-user-cert-show --help > $TmpDir/pki_kra_user_cert_show_cfg.out 2>&1" \
+ 0 \
+ "User cert show configuration"
+ rlAssertGrep "usage: kra-user-cert-show <User ID> <Cert ID> \[OPTIONS...\]" "$TmpDir/pki_kra_user_cert_show_cfg.out"
+ rlAssertGrep "--encoded Base-64 encoded" "$TmpDir/pki_kra_user_cert_show_cfg.out"
+ rlAssertGrep "--output <file> Output file" "$TmpDir/pki_kra_user_cert_show_cfg.out"
+ rlAssertGrep "--pretty Pretty print" "$TmpDir/pki_kra_user_cert_show_cfg.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/pki_kra_user_cert_show_cfg.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/843"
+ rlPhaseEnd
+
+ ##### Tests to find certs assigned to KRA users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_002crmf.out > $TmpDir/pki_kra_user_cert_show_validcert_002crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-003: pki kra-user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-004: pki kra-user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-005: pki kra-user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-006-tier1: pki kra-user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-007-tier1: pki kra-user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-009: pki kra-user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0010: pki kra-user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0012: pki kra-user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0013: pki kra-user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0014: pki kra-user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0015: pki kra-user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0017: pki kra-user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0018: pki kra-user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_agentV #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0020: Show certs assigned to a user - as KRA_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_auditorV #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0021: Show certs assigned to a user - as KRA_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a valid auditor cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_adminE #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0022: Show certs assigned to a user - as KRA_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_agentE #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0023: Show certs assigned to a user - as KRA_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_adminR #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0024: Show certs assigned to a user - as KRA_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_agentR #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0025: Show certs assigned to a user - as KRA_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA operator user #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0027: Show certs assigned to a user - as KRA operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0028"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as a user not associated with any role#####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0029: Show certs assigned to a user - as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an user not associated with any role"
+
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show shouls fail when authenticating with an user not associated with any role"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - switch position of the required options#####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0030: Show certs assigned to a user - switch position of the required options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2"
+ errmsg="User Not Found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/968"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - incomplete Cert ID #####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-0031: pki user-cert-show should fail if an incomplete Cert ID is provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when an incomplete Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-show should fail when an incomplete Cert ID is provided"
+ rlPhaseEnd
+
+ ### Tests to show certs assigned to KRA users - i18n characters ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-show-032: Show certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_kra_user_cert_show_validcert_0032pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_kra_user_cert_show_validcert_0032crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_crmf_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+
+ rlPhaseEnd
+
+ #===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh
new file mode 100755
index 000000000..e8c692c59
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI kra-user-cert CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki kra-user-cert cli commands needs to be tested:
+# pki-kra-user-cert
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+# pki kra-user-cert ran without any options should show all the command line options of pki cert
+run_pki-kra-user-cert()
+{
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+
+ rlPhaseStartSetup "Create Temporary Directory "
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-001: pki kra-user-cert help option"
+ local temp_out="$TmpDir/pki_user-cert"
+ rlLog "Executing pki kra-user-cert --help"
+ rlRun "pki kra-user-cert --help 1> $temp_out" 0 "pki kra-user-cert --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep "kra-user-cert-find Find user certificates" "$temp_out"
+ rlAssertGrep "kra-user-cert-show Show user certificate" "$temp_out"
+ rlAssertGrep "kra-user-cert-add Add user certificate" "$temp_out"
+ rlAssertGrep "kra-user-cert-del Remove user certificate" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-002: pki kra-user-cert with junk characters should return invalid module"
+ local temp_out1="$TmpDir/pki_kra-user-cert001"
+ local rand=`cat /dev/urandom | tr -dc 'a-zA-Z0-9*?$@#!%^&*()' | fold -w 40 | head -n 1`
+ rlLog "Executing pki kra-user-cert \"$rand\" characters"
+ rlRun "pki kra-user-cert \"$rand\" 2> $temp_out1" 255 "Command pki kra-user-cert with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki user-cert cleanup: Delete temp dir"
+ rlRun "popd"
+ rlPhaseEnd
+}
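Review bot: The junk argument in test `pki_kra_user_cli_kra_user_cert-002` can be reinterpreted by the shell before it reaches `pki`, because the random string is drawn from a set that includes `$`, `(`, `)`, `!` and `&` and is then wrapped in escaped double quotes inside the string handed to `rlRun`. rlRun evaluates that string as shell, so a draw containing `$(`, `$$`, `$?` or `$#` is expanded, or fails to parse, and the expected exit code 255 and the "Invalid module" message are not guaranteed on every run. The character set contains no single quote, so passing the value literally is enough: `rlRun "pki kra-user-cert '$rand' 2> $temp_out1" 255 "Command pki kra-user-cert with junk characters"`. Separately, the cleanup phase is titled "Delete temp dir" but only runs `popd`, so the directory created by `mktemp -d` is left behind.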
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh
new file mode 100755
index 000000000..8955dfdf5
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh
@@ -0,0 +1,1094 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-user-cli
+# Description: PKI kra-user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-kra-user-cli-kra-user-mod Modify existing users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-kra-user-cli-kra-user-mod_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_kra_user_cli_kra_user_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=kra_user
+user1fullname="Test kra user"
+user2=abcdefghijklmnopqrstuvwxyx12345678
+user3=abc#
+user4=abc$
+user5=abc@
+user6=abc?
+user7=0
+user1_mod_fullname="Test kra user modified"
+user1_mod_email="testkrauser@myemail.com"
+user1_mod_passwd="Secret1234"
+user1_mod_state="NC"
+user1_mod_phone="1234567890"
+randsym=""
+i18nuser=i18nuser
+i18nuserfullname="Örjan Äke"
+i18nuser_mod_fullname="kakskümmend"
+i18nuser_mod_email="kakskümmend@example.com"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ ##### pki_kra_user_cli_kra_user_mod-configtest ####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-configtest-001: pki kra-user-mod configuration test"
+ rlRun "pki kra-user-mod --help > $TmpDir/pki_kra_user_mod_cfg.out 2>&1" \
+ 0 \
+ "User modification configuration"
+ rlAssertGrep "usage: kra-user-mod <User ID> \[OPTIONS...\]" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlAssertGrep "\--email <email> Email" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlAssertGrep "\--state <state> State" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/pki_kra_user_mod_cfg.out"
+ rlPhaseEnd
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-002: Modify a user's fullname in KRA using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-kra-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-kra-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, password ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-003: Modify a user's email,phone,state,password in KRA using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-kra-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-kra-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-kra-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-kra-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-kra-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-kra-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-kra-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-kra-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-kra-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-005:--email with maximum length and symbols "
+ randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=\"$randsym\" u2 > $TmpDir/pki-kra-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-kra-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-kra-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-kra-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=# u3 > $TmpDir/pki-kra-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-kra-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-kra-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-kra-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=* u4 > $TmpDir/pki-kra-user-mod-007.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character"
+ rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-kra-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-kra-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-kra-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=$ u5 > $TmpDir/pki-kra-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-kra-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-kra-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-kra-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=0 u6 > $TmpDir/pki-kra-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-kra-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-kra-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-kra-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-kra-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-kra-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-kra-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-011:--state with maximum length and symbols "
+ randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=\"$randsym\" u8 > $TmpDir/pki-kra-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-kra-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-kra-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-kra-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=# u9 > $TmpDir/pki-kra-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-kra-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-kra-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=* u10 > $TmpDir/pki-kra-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-kra-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-kra-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=$ u11 > $TmpDir/pki-kra-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-kra-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-kra-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --state=0 u12 > $TmpDir/pki-kra-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-kra-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-kra-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with characters and numbers ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-kra-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-kra-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-017:--phone with maximum length and symbols "
+ randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test usr1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone='$randsym' usr1"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and numbers only ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-018:--phone with maximum length and numbers only "
+ randsym=`cat /dev/urandom | tr -dc '0-9' | fold -w 1024 | head -n 1`
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --phone=\"$randsym\" usr1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-kra-user-mod-018.out"\
+ 0 \
+ "Modify user with maximum length and numbers only"
+ rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-kra-user-mod-018.out"
+ rlAssertGrep "User ID: usr1" "$TmpDir/pki-kra-user-mod-018.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-018.out"
+ rlAssertGrep "Phone: $randsym" "$TmpDir/pki-kra-user-mod-018.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with # character ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-019:--phone with \# character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test usr2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone=\"#\" usr2"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with * character ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-020:--phone with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test usr3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone=\"*\" usr3"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with $ character ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-021:--phone with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test usr4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone $ usr4"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with negative number ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-022:--phone as negative number -1230 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u14"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --phone=-1230 u14 > $TmpDir/pki-kra-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-kra-user-mod-022.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-kra-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-kra-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-023-tier1: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id"
+ rlPhaseEnd
+
+ #### Modify a user - all options provided ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-024-tier1: Modify a user -- all options provided"
+ email="kra_user2@myemail.com"
+ user_password="krauser2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=test u15"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15 > $TmpDir/pki-kra-user-mod-025.out" \
+ 0 \
+ "Modify user u15 to CA -- all options provided"
+ rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-025.out"
+ rlPhaseEnd
+
+ #### Modify a user - password less than 8 characters ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-025: Modify user with --password "
+ userpw="pass"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod $user1 --fullName='$user1fullname' --password=$userpw"
+ errmsg="PKIException: The password must be at least 8 characters"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password"
+ rlPhaseEnd
+
+##### Tests to modify users using revoked cert#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-026: Should not be able to modify user using a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1_mod_fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using an agent user#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-027: Should not be able to modify user using a valid agent user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-028: Should not be able to modify user using an agent user with a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using expired cert#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-029: Should not be able to modify user using an admin user with expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-030: Should not be able to modify user using an agent user with an expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using audit users#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-031: Should not be able to modify user using an auditor user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-032: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as CA_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted KRA users#####
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-033: Should not be able to modify user using a cert created from a untrusted KRA role_user_UTCA"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-034: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName='$user1fullname' u17"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-035: Modify a user in KRA using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-036: Modify a user in KRA using KRA admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-show u16 > $TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=\"\" u16 > $TmpDir/pki-kra-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-037: Modify a user in CA using CA_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-show u16 > $TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-038: Modify a user in KRA using an admin user in KRA - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-show u16 > $TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify KRA users with the same value ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-039: Modify a user in KRA using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-show $user1 > $TmpDir/pki-kra-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-kra-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-kra-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-kra-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-kra-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify KRA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-040: Modify a user in KRA using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-show u16 > $TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --email=\"$email\" u16 > $TmpDir/pki-kra-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify KRA users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-041: Modify a user's fullname having i18n chars in KRA using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-kra-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-kra-user-mod-043.out"
+ rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-kra-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-kra-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify KRA users having i18n chars in email ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_mod-042: Modify a user's email having i18n chars in KRA using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
+
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del usr$i > $TmpDir/pki-usr-del-kra-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-kra-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-del $i18nuser > $TmpDir/pki-user-del-kra-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-kra-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
index 47a5663c7..6f4a8bab6 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
@@ -313,8 +313,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlLog "$(cat $TmpDir/pki_user_cert_show_CA_usershowcert_008.out | grep Subject | awk -F":" '{print $2}')"
rlRun "openssl x509 -in $TmpDir/pki_user_cert_show_CA_usershowcert_008.out -noout -serial 1> $TmpDir/temp_out-openssl_008" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl_008"
-
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_008| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_pkcs10 ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlLog "Executing pki -d $CERTDB_DIR/ \
-n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
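Review bot: The added comparison `[ $dec_openssl_out_serial = $decimal_valid_serialNumber_pkcs10 ]` leaves both operands unquoted, so if both expand to nothing the test collapses to `[ = ]`, which is true, and `rlPass` is recorded without any serial being compared. That can happen when the openssl output file is empty and the expected serial was never set, for example after an earlier certificate-generation step failed. Quote both sides and require a non-empty value: `if [ -n "$dec_openssl_out_serial" ] && [ "$dec_openssl_out_serial" = "$decimal_valid_serialNumber_pkcs10" ] ; then`. The same construct is added in the hunks at -340, -392, -419, -642, -686, -890 and -919 of this file and needs the same change with the matching expected-serial variable. The enclosing test function starts and ends outside this hunk.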
@@ -340,7 +346,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlLog "$(cat $TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
rlRun "openssl x509 -in $TmpDir/pki_user_cert_show_CA_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf_008" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf_008"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf_008| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_crmf ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlPhaseEnd
##### Show certs asigned to a user - --encoded option - no User ID #####
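Review bot: The serial check added here is the same block that this commit pastes into eight hunks of this file, with only the openssl output file and the expected-serial variable changing. `openssl_out_serial` and `dec_openssl_out_serial` are also assigned without `local`; the hunk-header context is a `local` declaration, so this code is presumably inside a function and the two names become globals. A single helper would keep them local, replace `cat FILE | grep` with `grep FILE`, and let the failure message report both values, which the bare "Serial number does not match" does not. The enclosing function begins and ends outside the hunk, so the helper would be defined once outside it.

```shell
# Compare the hex serial written by `openssl x509 -noout -serial` with an
# expected decimal serial; an empty value on either side is a failure.
assert_openssl_serial() {
    local serial_file=$1
    local expected_dec=$2
    local hex_serial dec_serial
    hex_serial=$(grep serial "$serial_file" | cut -d= -f2)
    dec_serial=$(echo "ibase=16;$hex_serial" | bc)
    if [ -n "$dec_serial" ] && [ "$dec_serial" = "$expected_dec" ]; then
        rlPass "Serial number matches"
    else
        rlFail "Serial number does not match: got '$dec_serial', expected '$expected_dec'"
    fi
}

# … unchanged: rlRun "openssl x509 -in … -noout -serial 1> $TmpDir/temp_out-openssl_crmf_008" …
assert_openssl_serial "$TmpDir/temp_out-openssl_crmf_008" "$decimal_valid_serialNumber_crmf"
```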
@@ -392,7 +405,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output_0011.out"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output_0011.out"
rlRun "openssl x509 -in $TmpDir/pki_user_cert_show_CA_usercertshow_output_0011.out -noout -serial 1> $TmpDir/temp_out-openssl_0011" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl_0011"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_0011| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_pkcs10 ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out"
rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out"
rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011.out"
@@ -419,7 +439,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf_0011.out"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf_0011.out"
rlRun "openssl x509 -in $TmpDir/pki_user_cert_show_CA_usercertshow_output_crmf_0011.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf_0011" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf_0011"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf_0011| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_crmf ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlAssertGrep "Certificate \"2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out"
rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_crmf;$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out"
rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_show_CA_usershowcert_0011crmf.out"
@@ -642,8 +669,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/user_cert_show_output0019"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/user_cert_show_output0019"
rlRun "openssl x509 -in $TmpDir/user_cert_show_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_0019" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10_new" "$TmpDir/temp_out-openssl_0019"
-
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_0019| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_pkcs10_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlRun "pki -d $CERTDB_DIR/ \
-n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
@@ -686,7 +719,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/user_cert_show_output0019crmf"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/user_cert_show_output0019crmf"
rlRun "openssl x509 -in $TmpDir/user_cert_show_output0019crmf -noout -serial 1> $TmpDir/temp_out-openssl_crmf_0019" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF_new" "$TmpDir/temp_out-openssl_crmf_0019"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf_0019| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_crmf_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlRun "pki -d $CERTDB_DIR \
-n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
@@ -890,8 +930,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/user_cert_show_output0030"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/user_cert_show_output0030"
rlRun "openssl x509 -in $TmpDir/user_cert_show_output0030 -noout -serial 1> $TmpDir/temp_out-openssl_0030" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_PKCS10" "$TmpDir/temp_out-openssl_0030"
-
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_0030| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_pkcs10 ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlLog "Executing pki -d $CERTDB_DIR/ \
-n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
@@ -919,8 +965,14 @@ local TEMP_NSS_DB_PASSWD="redhat123"
rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/user_cert_show_output0030crmf"
rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/user_cert_show_output0030crmf"
rlRun "openssl x509 -in $TmpDir/user_cert_show_output0030crmf -noout -serial 1> $TmpDir/temp_out-openssl_crmf_0030" 0 "Run openssl to verify PEM output"
- rlAssertGrep "serial=$CONV_UPP_VAL_CRMF" "$TmpDir/temp_out-openssl_crmf_0030"
-
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf_0030| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $decimal_valid_serialNumber_crmf ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
rlPhaseEnd
##### Show certs asigned to a user - as a user not associated with any role#####
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
new file mode 100755
index 000000000..d2fb5291d
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
@@ -0,0 +1,2404 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-add-kra Add certs to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-add-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-add-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ ##### Create a temporary directory to save output files and initializing host/port variables #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-add-kra-startup: Create temporary directory and initializing host/port variables"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME
+ROOTCA_agent_user="ROOTCA_agentV"
+
+ ##### Tests to add certs to KRA users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_002crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ kra-user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_003crmf$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ ##### Add expired cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-004: Adding expired cert to a user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user2fullname\" $user2"
+ local validityperiod="1 day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004pkcs10.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_004crmf.out > $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_expiredcert_004crmf.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+rlPhaseEnd
+
+#### Add a revoked cert to a user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-005: Add revoked cert to a user should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_005crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_005crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_kra_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_005crmf.out"
+
+rlPhaseEnd
+
+ ##### Add one cert to a user - User ID missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-006-tier1: Add one cert to a user should fail when USER ID is missing"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_006crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006pkcs10.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_006crmf.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-007-tier1: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $user2"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_009crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0016crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'ClonedSubsystems' #####
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'"
+ local userid="ClonedSubsystems_user"
+ local userFullname="ClonedSubsystems User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0017crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Trusted Managers' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0018: Add cert to a user of type 'Trusted Managers'"
+ local userid="Trusted_Managers_user"
+ local userFullname="Trusted Managers User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0018crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Usability Tests #####
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user #####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-add Administrators admin_user > $TmpDir/pki-kra-user-add-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-kra-user-add-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019pkcs10.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_add_useradd_0019.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_kra_user_cert_add_useradd_0019.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_kra_user_cert_add_useradd_0019.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_kra_user_cert_add_useradd_0019.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0019crmf.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_kra_user_cert_add_validcert_0019crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ kra-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_kra_user_cert_add_useradd_0019crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del new_test_user2"
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid agent user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-KRA-0020: Adding a cert as a KRA agent user should fail"
+ local userid="new_user1"
+ local userFullname="New User1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid KRA agent user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0021crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid KRA agent user"
+
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid auditor user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0021: Adding a cert as valid KRA auditor user should fail"
+ local userid="new_user2"
+ local userFullname="New User2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a KRA auditor user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0022crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as "
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as an admin user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0022: Adding a cert as KRA_adminE should fail"
+ local userid="new_user3"
+ local userFullname="New User3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as KRA_agentUTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0027: Adding a cert as KRA_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ kra-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_agentUTCA"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user KRA_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an KRA_operatorV #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-KRA-add-0028: Adding a cert as KRA_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as KRA_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_user_cli_user_cert-KRA-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --input $TmpDir/pki_kra_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add --input $TmpDir/pki_kra_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_add_useraddcert_0033crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add one cert to a user with both --serial and --input options ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0033: Add one cert to a user with --serial and --input options should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034pkcs10.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT kra-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_kra_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_user_cli_kra_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0035: Add one cert to a user with missing argument for --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $userid"
+rlPhaseEnd
+#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification"
+# local userid="new_adminV"
+# local username="NEW CA Admin User"
+# cat /etc/redhat-release | grep "Fedora"
+# if [ $? -eq 0 ] ; then
+# FLAVOR="Fedora"
+# rlLog "Automation is running against Fedora"
+# else
+# FLAVOR="RHEL"
+# rlLog "Automation is running against RHEL"
+# fi
+# rhcs_install_set_ldap_vars
+# rlRun "mkdir $NEWCA_CLIENT_DIR"
+# rlRun "mkdir $NEWCA_CERTDB_DIR"
+# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME"
+# rlRun "sleep 10"
+# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG
+# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG
+# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS"
+# rlRun "sleep 10"
+# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+#
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \
+# 0 \
+# "Add user $userid to Administrators group"
+#
+# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem"
+
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \
+# 0 \
+# "Added cert to user $userid"
+
+# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+
+# rlRun "systemctl restart pki-tomcatd@pki-new.service"
+# rlRun "sleep 10"
+# rlRun "systemctl restart pki-tomcatd@pki-master.service"
+# rlRun "sleep 10"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n $userid \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+
+# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\""
+
+# rlRun "pkidestroy -s CA -i pki-new"
+# rlRun "sleep 10"
+# rlRun "remove-ds.pl -f -i slapd-pki-newca"
+# rlRun "sleep 10"
+# rlRun "rm -rf $NEWCA_CLIENT_DIR"
+# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
+
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
new file mode 100755
index 000000000..ba98ef7d7
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
@@ -0,0 +1,880 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-delete-kra Delete the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-delete-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-delete-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ ##### Create temporary directory to save output files#####
+ rlPhaseStartSetup "pki_user_cli_user_cert-del-kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user="ROOTCA_agentV"
+
+ ##### Tests to delete certs assigned to KRA users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-002-tier1: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-003: pki user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-004: pki user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-005: pki user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-006-tier1: pki user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-007-tier1: pki user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-008: Delete certs assigned to a user - as KRA_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki kra-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_auditorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-009: Delete certs assigned to a user - as KRA_auditorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0010: Delete certs assigned to a user - as KRA_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0011: Delete certs assigned to a user - as KRA_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0012: Delete certs assigned to a user - as KRA_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-0013: Delete certs assigned to a user - as KRA_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as KRA_operatorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-KRA-0015: Delete certs assigned to a user - as KRA_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-del '2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to KRA users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-kra-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-add Administrators admin_user > $TmpDir/pki-user-add-kra-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-kra-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add admin_user --input $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_kra_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_kra_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_kra_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_kra_user_cert_del_useradd_0020.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_kra_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT -t kra user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add admin_user1 --input $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_kra_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_kra_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_kra_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $CA_HOST -p $CA_PORT -t kra user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
new file mode 100755
index 000000000..158b2a547
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
@@ -0,0 +1,1127 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-find-kra Finding the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-kra-user-cli-kra-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-find-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ #####Create temporary dir to save the output files#####
+ rlPhaseStartSetup "pki_user_cli_user_cert-find-kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user="ROOTCA_agentV"
+admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)
+
+ ##### Find certs assigned to a KRA user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-002: Find the certs of a user in KRA --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-003: Find the certs of a user in KRA --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 > $TmpDir/pki_kra_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_kra_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-004: Find the certs of a user in KRA --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-005: Find the certs of a user in KRA --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user3 > $TmpDir/pki_kra_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_kra_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-006: Find the certs of a user in KRA --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --size=2 > $TmpDir/pki_kra_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_kra_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-007: Find the certs of a user in KRA --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --size=0 > $TmpDir/pki_kra_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_kra_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-008: Find the certs of a user in KRA --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-009: Find the certs of a user in KRA --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --size=50 > $TmpDir/pki_kra_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-010: Find the certs of a user in KRA --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=2 > $TmpDir/pki_kra_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_kra_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-011: Find the certs of a user in KRA --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=0 > $TmpDir/pki_kra_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-012: Find the certs of a user in KRA --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=0 > $TmpDir/pki_kra_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_kra_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=-1 ####
+
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-find-013: Find the certs of a user in KRA --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=50 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-014: Find the certs of a user in KRA --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=50 > $TmpDir/pki_kra_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_kra_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-015: Find the certs of a user in KRA --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_kra_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_kra_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-016: Find the certs of a user in KRA --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $newuserid --input $TmpDir/pki_kra_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $newuserid > $TmpDir/pki_kra_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-017: Find the certs of a user in KRA --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-018: Find the certs of a user in KRA --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_kra_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_kra_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-019: Find the certs of a user in KRA --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_kra_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_kra_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-020: Find the certs of a user in KRA --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_kra_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_kra_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a KRA user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-021: Find the certs of a user in KRA --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_kra_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to KRA users - i18n characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_kra_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_kra_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-find $user1 > $TmpDir/pki_kra_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_kra_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_kra_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-023: Find the certs of a user as KRA_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a valid auditor user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-024: Find the certs of a user as KRA_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-025: Find the certs of a user as KRA_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-026: Find the certs of a user as KRA_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-027: Find the certs of a user as KRA_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-028: Find the certs of a user as KRA_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a user whose KRA cert has not been trusted ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-031: Find the certs of a user as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - userid is missing ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - kra-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a KRA user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-kra-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
new file mode 100755
index 000000000..bb2aed736
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
@@ -0,0 +1,1118 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-show-kra Show the certs assigned to users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-show-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-show-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-show-kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user="ROOTCA_agentV"
+
+ ##### Tests to find certs assigned to KRA users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_002crmf.out > $TmpDir/pki_kra_user_cert_show_validcert_002crmf.pem"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/pki_kra_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-003: pki user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-004: pki user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-005: pki user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-006-tier1: pki user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-007-tier1: pki user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-009: pki user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0013: pki user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 --output $TmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0014: pki user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_kra_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0015: pki user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0017: pki user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_kra_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_kra_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_pkcs10_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/kra_user_cert_show_crmf_output0019 > $TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0020: Show certs assigned to a user - as KRA_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_auditorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0021: Show certs assigned to a user - as KRA_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0022: Show certs assigned to a user - as KRA_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0023: Show certs assigned to a user - as KRA_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0024: Show certs assigned to a user - as KRA_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0025: Show certs assigned to a user - as KRA_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as KRA operator user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0027: Show certs assigned to a user - as KRA operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_pkcs10_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/kra_user_cert_show_crmf_output0028 > $TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_kra_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/kra_user_cert_show_crmf_output0028"
+ rlRun "openssl x509 -in $TmpDir/kra_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as a user not associated with any role#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0029: Show certs assigned to a user - as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - switch position of the required options#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0030: Show certs assigned to a user - switch position of the required options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2"
+ errmsg="User Not Found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/968"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - incomplete Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-0031: pki user-cert-show should fail if an incomplete Cert ID is provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+ rlPhaseEnd
+
+ ### Tests to show certs assigned to KRA users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-kra-032: Show certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_kra_user_cert_show_validcert_0032pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_kra_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_kra_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_kra_user_cert_show_validcert_0032crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_0032.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-add $user1 --input $TmpDir/pki_kra_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_kra_user_cert_show_useraddcert_crmf_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME);UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Issuer: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_kra_user_cert_show_usershowcert_crmf_0032.out"
+
+ rlPhaseEnd
+
+ #===Deleting users===#
+rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
new file mode 100755
index 000000000..fd4c4f655
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
@@ -0,0 +1,1156 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-mod Modify existing users in the pki kra subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-mod-kra.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-user-cli-user-mod-kra_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+
+if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ fi
+else
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+fi
+
+CA_HOST=$(eval echo \$${MYROLE})
+CA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_user_cli_user_mod_kra-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+user1=kra_user
+user1fullname="Test kra user"
+user2=abcdefghijklmnopqrstuvwxyx12345678
+user3=abc#
+user4=abc$
+user5=abc@
+user6=abc?
+user7=0
+user1_mod_fullname="Test kra user modified"
+user1_mod_email="testkrauser@myemail.com"
+user1_mod_passwd="Secret1234"
+user1_mod_state="NC"
+user1_mod_phone="1234567890"
+randsym=""
+i18nuser=i18nuser
+i18nuserfullname="Örjan Äke"
+i18nuser_mod_fullname="kakskümmend"
+i18nuser_mod_email="kakskümmend@example.com"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-002: Modify a user's fullname in KRA using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-kra-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-kra-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, password ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-003: Modify a user's email,phone,state,password in KRA using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-kra-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-kra-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-kra-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-kra-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-kra-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-kra-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-kra-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-kra-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-kra-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-005:--email with maximum length and symbols "
+ randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=\"$randsym\" u2 > $TmpDir/pki-kra-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-kra-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-kra-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-kra-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=# u3 > $TmpDir/pki-kra-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-kra-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-kra-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-kra-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=* u4 > $TmpDir/pki-kra-user-mod-007.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character"
+ rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-kra-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-kra-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-kra-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=$ u5 > $TmpDir/pki-kra-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-kra-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-kra-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-kra-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=0 u6 > $TmpDir/pki-kra-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-kra-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-kra-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-kra-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-kra-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-kra-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-kra-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols "
+ randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=\"$randsym\" u8 > $TmpDir/pki-kra-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-kra-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-kra-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-kra-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=# u9 > $TmpDir/pki-kra-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-kra-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-kra-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-kra-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=* u10 > $TmpDir/pki-kra-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-kra-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-kra-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-kra-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=$ u11 > $TmpDir/pki-kra-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-kra-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-kra-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-kra-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --state=0 u12 > $TmpDir/pki-kra-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-kra-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-kra-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-kra-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-kra-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-kra-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-kra-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-kra-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-017:--phone with maximum length and symbols "
+ randsym=`cat /dev/urandom | tr -dc 'a-zA-Z0-9@#%^&_+=~*-' | fold -w 1024 | head -n 1`
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test usr1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone='$randsym' usr1"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and numbers only ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-018:--phone with maximum length and numbers only "
+ randsym=`cat /dev/urandom | tr -dc '0-9' | fold -w 1024 | head -n 1`
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --phone=\"$randsym\" usr1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-kra-user-mod-018.out"\
+ 0 \
+ "Modify user with maximum length and numbers only"
+ rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-kra-user-mod-018.out"
+ rlAssertGrep "User ID: usr1" "$TmpDir/pki-kra-user-mod-018.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-018.out"
+ rlAssertGrep "Phone: $randsym" "$TmpDir/pki-kra-user-mod-018.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-019:--phone with \# character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test usr2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone=\"#\" usr2"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-020:--phone with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test usr3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone=\"*\" usr3"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-021:--phone with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test usr4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone $ usr4"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with negative number ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-022:--phone as negative number -1230 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u14"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --phone=-1230 u14 > $TmpDir/pki-kra-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-kra-user-mod-022.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-kra-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-kra-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-kra-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-023-tier1: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id"
+ rlPhaseEnd
+
+ #### Modify a user - all options provided ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-kra-024-tier1: Modify a user -- all options provided"
+ email="kra_user2@myemail.com"
+ user_password="krauser2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=test u15"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15 > $TmpDir/pki-kra-user-mod-025.out" \
+ 0 \
+ "Modify user u15 to CA -- all options provided"
+ rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-025.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-025.out"
+ rlPhaseEnd
+
+ #### Modify a user - password less than 8 characters ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-025: Modify user with --password "
+ userpw="pass"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod $user1 --fullName='$user1fullname' --password=$userpw"
+ errmsg="PKIException: The password must be at least 8 characters"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password"
+ rlPhaseEnd
+
+##### Tests to modify users using revoked cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-026: Should not be able to modify user using a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1_mod_fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using an agent user#####
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-028: Should not be able to modify user using a valid agent user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-029: Should not be able to modify user using an agent user with a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using expired cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-030: Should not be able to modify user using an admin user with expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-031: Should not be able to modify user using an agent user with an expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using audit users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-032: Should not be able to modify user using an auditor user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-033: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as KRA_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted KRA users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-034: Should not be able to modify user using a cert created from a untrusted KRA role_user_UTCA"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-035: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName='$user1fullname' u17"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-036: Modify a user in KRA using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-037: Modify a user in KRA using KRA admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-show u16 > $TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=\"\" u16 > $TmpDir/pki-kra-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-038: Modify a user in KRA using KRA_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-show u16 > $TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-kra-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-039: Modify a user in KRA using an admin user in KRA - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-show u16 > $TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-kra-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify KRA users with the same value ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-040: Modify a user in KRA using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-show $user1 > $TmpDir/pki-kra-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-kra-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-kra-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-kra-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-kra-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-kra-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-kra-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify CA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_kra-041: Modify a user in KRA using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-show u16 > $TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-kra-user-mod-042_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --email=\"$email\" u16 > $TmpDir/pki-kra-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-kra-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify KRA users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-042: Modify a user's fullname having i18n chars in KRA using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-kra-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-kra-user-mod-043.out"
+ rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-kra-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-kra-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify KRA users having i18n chars in email ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_kra-043: Modify a user's email having i18n chars in KRA using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $CA_PORT -t kra user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartTest "pki_user_cli_user_kra_cleanup: Deleting role users"
+
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del usr$i > $TmpDir/pki-usr-del-kra-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-kra-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $CA_HOST \
+ -p $CA_PORT \
+ -t kra \
+ user-del $i18nuser > $TmpDir/pki-user-del-kra-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-kra-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 31b86e6d8..cdb687eae 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -57,6 +57,11 @@
. ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh
. ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
. ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-show.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-request-show.sh
@@ -139,6 +144,12 @@
. ./acceptance/cli-tests/pki-kra-key-cli/pki-kra-key-cli-recover-kra.sh
. ./acceptance/cli-tests/pki-kra-key-cli/pki-kra-key-cli-retrieve-kra.sh
. ./acceptance/cli-tests/pki-kra-key-cli/pki-kra-key-cli-request-review-kra.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-mod.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-add.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-find.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-show.sh
+. ./acceptance/cli-tests/pki-kra-user-cli/pki-kra-user-cli-kra-user-cert-delete.sh
. ./acceptance/bugzilla/tomcatjss-bugs.sh
. ./acceptance/bugzilla/pki-core-bugs/giant-debug-log.sh
. ./acceptance/bugzilla/pki-core-bugs/CSbackup-bug.sh
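Review bot: Neither this hunk nor the one at `@@ -57,6 +57,11 @@` adds a `. ./acceptance/...` line for the KRA group suites, yet the later hunks call `run_pki-group-cli-group-add-kra_tests`, `run_pki-kra-group-cli-kra-group-add_tests` and their siblings. If those scripts are not already sourced in a part of runtest.sh outside this diff, setting `PKI_GROUP_KRA_TEST`, `PKI_KRA_GROUP_TEST` or the test-all flag ends in a command-not-found for each call instead of a test result. Worth confirming, and adding the matching source lines next to these if they are missing.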
@@ -337,6 +348,54 @@ rlJournalStart
run_pki-user-cli-user-cert-delete-ca_tests $subsystemId $subsystemType $MYROLE
fi
+ ######## PKI USER KRA TESTS ############
+ PKI_USER_KRA_UPPERCASE=$(echo $PKI_USER_KRA | tr [a-z] [A-Z])
+ if [ "$PKI_USER_KRA_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-user-cli-user-mod-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-user-cli-user-cert-add-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-user-cli-user-cert-find-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-user-cli-user-cert-show-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-user-cli-user-cert-delete-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+
+ USER_MOD_KRA_UPPERCASE=$(echo $USER_MOD_KRA | tr [a-z] [A-Z])
+ if [ "$USER_MOD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-mod-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-user-cli-user-mod-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ USER_CERT_ADD_KRA_UPPERCASE=$(echo $USER_CERT_ADD_KRA | tr [a-z] [A-Z])
+ if [ "$USER_CERT_ADD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-add-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-user-cli-user-cert-add-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ USER_CERT_FIND_KRA_UPPERCASE=$(echo $USER_CERT_FIND_KRA | tr [a-z] [A-Z])
+ if [ "$USER_CERT_FIND_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-find-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-user-cli-user-cert-find-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ USER_CERT_SHOW_KRA_UPPERCASE=$(echo $USER_CERT_SHOW_KRA | tr [a-z] [A-Z])
+ if [ "$USER_CERT_SHOW_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-show-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-user-cli-user-cert-show-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ USER_CERT_DEL_KRA_UPPERCASE=$(echo $USER_CERT_DEL_KRA | tr [a-z] [A-Z])
+ if [ "$USER_CERT_DEL_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-del-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-user-cli-user-cert-delete-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
######## PKI CA_USER TESTS ############
PKI_CA_USER_UPPERCASE=$(echo $PKI_CA_USER | tr [a-z] [A-Z])
if [ "$PKI_CA_USER_UPPERCASE" = "TRUE" ] ; then
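Review bot: `subsystemId=$KRA_INST` is handed on unchecked and unquoted, and the KRA user-mod script earlier in this diff (which appears to be what `run_pki-user-cli-user-mod-kra_tests` runs) feeds `subsystemId` to `eval echo \$${subsystemId}_adminV_user` to pick the client certificate nickname. With `KRA_INST` empty the nickname resolves to nothing, and any shell metacharacters in the value are interpreted by that eval, so the authorization tests may not exercise the role they claim to. I would add `: "${KRA_INST:?KRA_INST must be set}"` once before these blocks, reject values that are not plain identifiers, and call with `"$subsystemId" "$subsystemType" "$MYROLE"`; the same assignment recurs in the two following hunks. Separately, `$(echo $PKI_USER_KRA | tr [a-z] [A-Z])` leaves both the variable and the bracket patterns open to globbing; `tr '[:lower:]' '[:upper:]'` with the expansion quoted avoids that.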
@@ -696,6 +755,83 @@ rlJournalStart
run_pki-group-cli-group-member-show-ca_tests $subsystemId $subsystemType $MYROLE
fi
+ ######## PKI GROUP KRA TESTS ############
+ PKI_GROUP_KRA_TEST_UPPERCASE=$(echo $PKI_GROUP_KRA_TEST | tr [a-z] [A-Z])
+ if [ "$PKI_GROUP_KRA_TEST_UPPERCASE" = "TRUE" ] ; then
+ #Execute pki group tests for kra
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-add-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-group-cli-group-show-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-group-cli-group-find-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-group-cli-group-mod-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-group-cli-group-del-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-group-cli-group-member-add-kra_tests $subsystemId $subsystemType $MYROLE
+ run_pki-group-cli-group-member-find-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_ADD_KRA_UPPERCASE=$(echo $GROUP_ADD_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_ADD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-add-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-add-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_SHOW_KRA_UPPERCASE=$(echo $GROUP_SHOW_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_SHOW_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-show-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-show-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_FIND_KRA_UPPERCASE=$(echo $GROUP_FIND_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_FIND_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-find-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-find-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_MOD_KRA_UPPERCASE=$(echo $GROUP_MOD_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_MOD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-mod-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-mod-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_DEL_KRA_UPPERCASE=$(echo $GROUP_DEL_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_DEL_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-del-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-del-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_MEMBER_ADD_KRA_UPPERCASE=$(echo $GROUP_MEMBER_ADD_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_MEMBER_ADD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-member-add-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-member-add-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_MEMBER_FIND_KRA_UPPERCASE=$(echo $GROUP_MEMBER_FIND_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_MEMBER_FIND_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-member-find-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-member-find-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_MEMBER_DEL_KRA_UPPERCASE=$(echo $GROUP_MEMBER_DEL_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_MEMBER_DEL_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-member-del-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-member-del-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
+ GROUP_MEMBER_SHOW_KRA_UPPERCASE=$(echo $GROUP_MEMBER_SHOW_KRA | tr [a-z] [A-Z])
+ if [ "$GROUP_MEMBER_SHOW_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki group-member-show-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-group-cli-group-member-show-kra_tests $subsystemId $subsystemType $MYROLE
+ fi
######## PKI CA GROUP TESTS ############
PKI_CA_GROUP_TEST_UPPERCASE=$(echo $PKI_CA_GROUP_TEST | tr [a-z] [A-Z])
if [ "$PKI_CA_GROUP_TEST_UPPERCASE" = "TRUE" ] ; then
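Review bot: The aggregate `PKI_GROUP_KRA_TEST` block runs seven suites but leaves out `run_pki-group-cli-group-member-del-kra_tests` and `run_pki-group-cli-group-member-show-kra_tests`, both of which get their own flag further down in this hunk. Unless that is deliberate, add the two calls after `run_pki-group-cli-group-member-find-kra_tests` so the aggregate flag covers the whole group CLI, the way the `PKI_KRA_GROUP_TEST` block in the next hunk lists all nine. If it is deliberate, a one-line comment saying why would help.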
@@ -1032,6 +1168,88 @@ rlJournalStart
subsystemType=kra
run_pki-kra-user-cli-kra-user-cert-delete_tests $subsystemId $subsystemType $MYROLE
fi
+
+ ######## PKI KRA GROUP TESTS ############
+ PKI_KRA_GROUP_TEST_UPPERCASE=$(echo $PKI_KRA_GROUP_TEST | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_GROUP_TEST_UPPERCASE" = "TRUE" ] ; then
+ #Execute pki kra-group tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-add_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-mod_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-find_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-show_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-del_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-member-add_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-member-show_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-member-find_tests $subsystemId $subsystemType $MYROLE
+ run_pki-kra-group-cli-kra-group-member-del_tests $subsystemId $subsystemType $MYROLE
+ fi
+
+ KRA_GROUP_ADD_UPPERCASE=$(echo $KRA_GROUP_ADD | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-add tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-add_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_MOD_UPPERCASE=$(echo $KRA_GROUP_MOD | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-mod tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-mod_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_FIND_UPPERCASE=$(echo $KRA_GROUP_FIND | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-find tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-find_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_SHOW_UPPERCASE=$(echo $KRA_GROUP_SHOW | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-show tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-show_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_DEL_UPPERCASE=$(echo $KRA_GROUP_DEL | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-del tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-del_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_MEMBER_ADD_UPPERCASE=$(echo $KRA_GROUP_MEMBER_ADD | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_MEMBER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-member-add tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-member-add_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_MEMBER_SHOW_UPPERCASE=$(echo $KRA_GROUP_MEMBER_SHOW | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_MEMBER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-member-show tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-member-show_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_MEMBER_FIND_UPPERCASE=$(echo $KRA_GROUP_MEMBER_FIND | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_MEMBER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-member-find tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-member-find_tests $subsystemId $subsystemType $MYROLE
+ fi
+ KRA_GROUP_MEMBER_DEL_UPPERCASE=$(echo $KRA_GROUP_MEMBER_DEL | tr [a-z] [A-Z])
+ if [ "$KRA_GROUP_MEMBER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki kra-group-member-del tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_pki-kra-group-cli-kra-group-member-del_tests $subsystemId $subsystemType $MYROLE
+ fi
+
######## PKI USER TESTS ############
USER_CLEANUP_CA_UPPERCASE=$(echo $USER_CLEANUP_CA | tr [a-z] [A-Z])
#Clean up role users (admin agent etc) created in CA