authorRoshni Pattath <rpattath@redhat.com>2015-04-20 12:38:00 -0400
committerRoshni Pattath <rpattath@redhat.com>2015-04-20 12:39:36 -0400
commit35a946e1b1a8f8c7e27891f5c4a3845212f49251 (patch)
tree08984e9f33be27e6033675d04033dd13064a4b28 /tests
parent4e7c48121aed229e21302e0b8a0c3096b3e851bd (diff)
TPS Legacy tests
TPS Legacy tests, TPS install tests, MS CA external CA test and other changes to install tests
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dogtag/Makefile18
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh88
-rw-r--r--tests/dogtag/acceptance/install-tests/ca-installer.sh461
-rw-r--r--tests/dogtag/acceptance/install-tests/kra-installer.sh160
-rw-r--r--tests/dogtag/acceptance/install-tests/ocsp-installer.sh160
-rw-r--r--tests/dogtag/acceptance/install-tests/tks-installer.sh163
-rwxr-xr-xtests/dogtag/acceptance/install-tests/tps-installer.sh242
-rwxr-xr-xtests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh5703
-rwxr-xr-xtests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh559
-rwxr-xr-xtests/dogtag/acceptance/quickinstall/rhcs-install.sh161
-rwxr-xr-xtests/dogtag/runtest.sh369
-rw-r--r--tests/dogtag/shared/env.sh82
-rwxr-xr-xtests/dogtag/shared/pki-cert-cli-lib.sh67
-rwxr-xr-xtests/dogtag/shared/rhcs-shared.sh29
-rwxr-xr-xtests/dogtag/topologies.sh118
15 files changed, 7864 insertions, 516 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 74c5fa355..182db1e8e 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -275,8 +275,8 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh
chmod a+x ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh
chmod a+x ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh
- chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
+ chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
@@ -287,13 +287,15 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh
chmod a+x ./acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh
chmod a+x ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh
- chmod a+x ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
- chmod a+x ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
- chmod a+x ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
+ chmod a+x ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh
chmod a+x ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh
+ chmod a+x ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
+ chmod a+x ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
+ chmod a+x ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
chmod a+x ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh
- chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh
chmod a+x ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh
+ chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh
+ chmod a+x ./acceptance/legacy/tps-tests/tps-enrollments.sh
# bug verifications
chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh
@@ -304,6 +306,12 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1133718.sh
chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1040640.sh
chmod a+x ./acceptance/bugzilla/pki-core-bugs/bug-790924.sh
+ #installer tests
+ chmod a+x ./acceptance/install-tests/ca-installer.sh
+ chmod a+x ./acceptance/install-tests/kra-installer.sh
+ chmod a+x ./acceptance/install-tests/ocsp-installer.sh
+ chmod a+x ./acceptance/install-tests/tks-installer.sh
+ chmod a+x ./acceptance/install-tests/tps-installer.sh
clean:
rm -f *~ $(BUILT_FILES)
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
index dd581b960..ee1ad3c8a 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
@@ -66,39 +66,41 @@ else
fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
-
eval ${subsystemId}_adminV_user=${subsystemId}_adminV
-eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert
-eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password
-eval ${subsystemId}_adminR_user=${subsystemId}_adminR
-eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert
-eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password
-eval ${subsystemId}_adminE_user=${subsystemId}_adminE
-eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert
-eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password
-eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
-eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA
-eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password
-eval ${subsystemId}_agentV_user=${subsystemId}_agentV
-eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert
-eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password
-eval ${subsystemId}_agentR_user=${subsystemId}_agentR
-eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert
-eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password
-eval ${subsystemId}_agentE_user=${subsystemId}_agentE
-eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert
-eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password
-eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA
-eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA
-eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password
-eval ${subsystemId}_auditV_user=${subsystemId}_auditV
-eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert
-eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password
-eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
-eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password
-eval ${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert
+ eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert
+ eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert
+ eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert
+ eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA
+ eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert
+ eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert
+ eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert
+ eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password
+ eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA
+ eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA
+ eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password
+ eval ${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert
-export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user ${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUT${subsystemId}_user ${subsystemId}_auditV_user ${subsystemId}_operatorV_user
+ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user ${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUTCA_user ${subsystemId}_operatorV_user
+if [ $SUBSYSTEM_TYPE != "tps" ] ; then
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert
+ eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password
+ export ${subsystemId}_auditV_user
+fi
######################################################################
rlPhaseStartSetup "create-role-user-startup: Create temp directory and import CA agent cert into a nss certificate db and trust CA root cert"
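Review bot: `$SUBSYSTEM_TYPE` is unquoted in the added `if [ $SUBSYSTEM_TYPE != "tps" ] ; then`, and again in `if [ $SUBSYSTEM_TYPE = "tps" ] ; then` in the next hunk of this file, while the later tests in the same script quote it. If the variable is empty or unset the expression is malformed, `[` returns an error status, and the audit-user block would be skipped without stopping the run, leaving a non-TPS subsystem without its auditor account. Write it as `if [ "$SUBSYSTEM_TYPE" != "tps" ] ; then` (and `if [ "$SUBSYSTEM_TYPE" = "tps" ] ; then`). Where SUBSYSTEM_TYPE is assigned is outside this hunk.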
@@ -119,7 +121,11 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
rlPhaseEnd
rlPhaseStartSetup "Creating user and add user to the group"
- user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password))
+ if [ $SUBSYSTEM_TYPE = "tps" ] ; then
+ user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password))
+ else
+ user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password))
+ fi
i=0
while [ $i -lt ${#user[@]} ] ; do
userid=${user[$i]}
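Review bot: The two `user=(...)` literals added here are the same long list apart from the three `auditV` lookups, so any later change to the role set has to be made twice and can drift between TPS and the other subsystems. Building the common list once and appending the audit triple only when needed keeps one source of truth, for example `[ "$SUBSYSTEM_TYPE" != "tps" ] && user+=( ... )` holding the three `auditV` lookups. That moves the audit entries after the operator ones; the visible part of the loop reads the array in independent triples, but the loop body continues outside this hunk, so confirm order does not matter.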
@@ -164,7 +170,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
agent_group_name="Token Key Service Manager Agents"
elif [ "$SUBSYSTEM_TYPE" = "tps" ] ; then
#### Enter correct TPS agent group ####
- agent_group_name="TPS Manager Agents"
+ agent_group_name="TPS Agents"
fi
rlRun "pki -d $CERTDB_DIR \
-n \"$admin_cert_nickname\" \
@@ -192,23 +198,27 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out"
elif [ $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then
+ if [ "$SUBSYSTEM_TYPE" = "tps" ] ; then
+ operator_group_name="TPS Operators"
+ else
+ operator_group_name="Trusted Managers"
+ fi
rlRun "pki -d $CERTDB_DIR \
-n \"$admin_cert_nickname\" \
-c $CERTDB_DIR_PASSWORD \
-h $SUBSYSTEM_HOST \
-t $SUBSYSTEM_TYPE \
-p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
- group-member-add \"Trusted Managers\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \
+ group-member-add \"$operator_group_name\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \
0 \
- "Add user $userid to Trusted Managers group"
+ "Add user $userid to $operator_group_name group"
rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out"
rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out"
fi
#================#
-
- if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_adminE_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_agentE_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then
+ if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then
if [ "$MYROLE" = "MASTER" ]; then
- get_topo_stack MASTER $TmpDir/topo_file
+ get_topo_stack $MYROLE $TmpDir/topo_file
if [ $subsystemId = "SUBCA1" ]; then
MYCAHOST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
elif [ $subsystemId = "CLONE_CA1" ]; then
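Review bot: The rewritten condition leaves both operands of every `[ $userid = $(eval echo ...) ]` unquoted, and for TPS the `auditV_user` variable is no longer defined by this commit, so that comparison expands to `[ $userid = ]`. Bash reports a test error there and the chain only carries on because the error status is non-zero, which puts a spurious error in the log for every TPS user that reaches this test. Quote both sides, e.g. `[ "$userid" = "$(eval echo \$${subsystemId}_auditV_user)" ]`, so an undefined role compares as an empty string. The same form is used in the `@@ -247,7 +257,7 @@` hunk of this file; the enclosing `if` continues outside this hunk.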
@@ -247,7 +257,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi
rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $userid@example.com $temp_file"
rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file"
- if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then
+ if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then
#cert-request-submit=====
#subsystem can be ca or tps
subsystem=ca
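Review bot: The replacement condition is not only a syntax change: it adds `adminE_user` and `agentE_user`, which the removed line did not test, so the expired-certificate users now enter this branch as well. It is the same list as the condition in the `@@ -192,23 +198,27 @@` hunk, so this may be an unintended copy rather than a deliberate change, and the commit message does not mention it. If it is intended, a comment such as `# expired-cert users also submit a request here` would record that; otherwise drop the two added comparisons. The branch body continues outside this hunk, so what it does for those users cannot be confirmed from here.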
diff --git a/tests/dogtag/acceptance/install-tests/ca-installer.sh b/tests/dogtag/acceptance/install-tests/ca-installer.sh
index 122490e71..0544c5491 100644
--- a/tests/dogtag/acceptance/install-tests/ca-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/ca-installer.sh
@@ -39,23 +39,27 @@ run_rhcs_ca_installer_tests()
SUBSYSTEM_TYPE=$2
MYROLE=$3
if [ "$TOPO9" = "TRUE" ] ; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
- prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)
elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
- prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
- else
- ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
- prefix=ROOTCA
- CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
- fi
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME)
+ else
+ ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ prefix=ROOTCA
+ CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
+ admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME
+ fi
else
- ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
- prefix=$MYROLE
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+ ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
+ prefix=$MYROLE
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
+ admin_cert_nickname=$(eval echo \$${MYROLE}_ADMIN_CERT_NICKNAME)
fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
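Review bot: Three of the added `admin_cert_nickname` assignments read the value through an unquoted `eval echo`, which word-splits and glob-expands the nickname and re-parses `$subsystemId` / `$MYROLE` as shell text. A nickname with repeated spaces or a `*` would come back altered, and the function arguments end up inside an `eval`. The script already relies on bash (`[[ ... ]]` in this hunk), so indirect expansion does the same lookup without re-parsing: `nick_var=${subsystemId}_ADMIN_CERT_NICKNAME` followed by `admin_cert_nickname=${!nick_var}`. The variable is also not declared `local`; if another script is meant to read it, a comment saying so would help. The function body continues outside this hunk.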
@@ -63,12 +67,11 @@ run_rhcs_ca_installer_tests()
##### Create a temporary directory to save output files #####
rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA"
-
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA"
run_rhcs_install_packages
if [ "$prefix" = "ROOTCA" ]; then
run_install_subsystem_RootCA
@@ -80,9 +83,8 @@ run_rhcs_ca_installer_tests()
rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
- rlLog "Uninstall CA tests"
rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
- exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallCA.out"
+ exp_message2_3="Uninstallation complete"
rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
rlPhaseEnd
@@ -98,7 +100,7 @@ run_rhcs_ca_installer_tests()
rlAssertGrep "$exp_message_2" "$TmpDir/port_output_file.out"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: Cert Tests nickname configurable"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: CA certificate nickname is configurable"
rlLog "Checking if the nicknames for the CA certificates are configurable"
rlRun "pkispawn -s CA -f $INSTANCECFG"
rlRun "certutil -L -d /var/lib/pki/$ROOTCA_TOMCAT_INSTANCE_NAME/alias > $TmpDir/cert_nicknames.out"
@@ -115,10 +117,10 @@ run_rhcs_ca_installer_tests()
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-004: security domain parameters"
- rlLog "Checking if a new security domain gets created for the CA"
+ rlLog "Checking if a new security domain gets created for the CA"
local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d '=' -f 2)
local expfile=$TmpDir/expectfile.in
- rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show""
+ rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show""
echo "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show"" > $expfile
echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
Import CA certificate (Y/n)? \"" >> $expfile
@@ -138,8 +140,8 @@ run_rhcs_ca_installer_tests()
exp_messg1_4="Port: $(eval echo \$${prefix}_UNSECURE_PORT)"
exp_messg1_5="Secure Port: $(eval echo \$${prefix}_SECURE_PORT)"
exp_messg1_6="Domain Manager: TRUE"
- rlLog "cleanup"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-005: same subject dn for two certs"
@@ -181,7 +183,7 @@ run_rhcs_ca_installer_tests()
rlAssertGrep "$exp_message_1" "$TmpDir/ldap_port_test.out"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn"
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile5.in > $TmpDir/existing_base_dn_1.out"
@@ -190,23 +192,23 @@ run_rhcs_ca_installer_tests()
exp_messg2="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)"
rlAssertGrep "$exp_messg2" "$TmpDir/existing_base_dn_1.out"
sed -i -e "/pki_ds_remove_data=/s/=.*/=False/g" $TmpDir/tmpconfigfile5.in
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile5.in > $TmpDir/existing_base_dn_2.out 2>&1" 1 "Should fail"
exp_messg3="Installation failed."
rlAssertGrep "$exp_messg3" "$TmpDir/existing_base_dn_2.out"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password"
- rlRun "pkispawn -s CA -f $INSTANCECFG"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password"
+ rlRun "pkispawn -s CA -f $INSTANCECFG"
local password=$(eval echo \$${prefix}_CLIENT_PKCS12_PASSWORD)
rlRun "pk12util -l $CLIENT_DIR/$(eval echo \$${prefix}_ADMIN_CERT_NICKNAME).p12 -W $password > $TmpDir/pkcs12_password.out"
exp_messg1="Friendly Name: $(eval echo \$${prefix}_ADMIN_CERT_NICKNAME)"
rlAssertGrep "$exp_messg1" "$TmpDir/pkcs12_password.out"
exp_messg2="$(eval echo \$${prefix}_ADMIN_CERT_SUBJECT_NAME)"
rlAssertGrep "$exp_messg2" "$TmpDir/pkcs12_password.out"
- #cleanup
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ #cleanup
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-010: backup keys parameter"
@@ -217,10 +219,10 @@ run_rhcs_ca_installer_tests()
exp_messg1_1="ca_backup_keys.p12"
rlAssertGrep "$exp_messg1_1" "$TmpDir/ldap_backup_keys_test1.out"
sed -i -e "/pki_backup_keys=/s/=.*/=False/g" $TmpDir/tmpconfigfile7.in
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile7.in"
rlRun "ls /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 > $TmpDir/ldap_backup_keys_test2.out" 2 "Should Fail"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-011: backup password"
@@ -236,30 +238,38 @@ run_rhcs_ca_installer_tests()
rlAssertGrep "$exp_messg1_3" "$TmpDir/backup_passwd_test.out"
exp_messg1_4="Friendly Name: $(eval echo \$${prefix}_AUDIT_SIGNING_CERT_SUBJECT_NAME)"
rlAssertGrep "$exp_messg1_4" "$TmpDir/backup_passwd_test.out"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge BZ1165873"
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile9.in"
rlRun "pkispawn -s CA -f $INSTANCECFG"
rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 2 "Should Fail"
- sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/tmpconfigfile9.in
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/tmpconfigfile9.in
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile9.in"
rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 0 "Should succeed"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1165873"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters"
+ #two % are required for successful parsing
local subjectdn="cn=rh@cs/-$%%!!,O=red^hat"
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile10.in"
- sed -i -e ' pki_ca_signing_subject_dn= s =.* =cn=rh@cs -$%%!!,O=red^hat g' $TmpDir/tmpconfigfile10.in
+ sed -i -e 's pki_ca_signing_subject_dn=.* pki_ca_signing_subject_dn=cn=rh@cs/-$%%!!,O=red^hat g' $TmpDir/tmpconfigfile10.in
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile10.in > $TmpDir/subjectdn_special_char.out"
#expected output & cleanup
- #installs fine if two % are used but gives an error on just one %
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-014: invalid key size for certificate"
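Review bot: Test 013 now asserts only that the instance is running and uninstalls cleanly; nothing checks that the signing certificate actually carries the special-character subject DN, so the test would still pass if pkispawn silently altered or escaped it. Consider listing the signing certificate from the instance's `alias` database with `certutil -L -d ... -n <signing cert nickname>` and adding an `rlAssertGrep` for the expected DN. The `subjectdn` local is set but the `sed` line hard-codes the same string, so the two can drift; reuse the variable or drop it. The new `rlRun "pkidestroy ..." > $TmpDir/uninstallCA.out` also places the redirect outside the quoted command, unlike the `pkidaemon status` line just above it.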
@@ -270,10 +280,9 @@ run_rhcs_ca_installer_tests()
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile11.in > $TmpDir/invalid_key.out 2>&1" 1 "Should fail"
exp_messg1="Installation failed."
rlAssertGrep "$exp_messg1" "$TmpDir/invalid_key.out"
- expected output & cleanup
+ #expected output & cleanup
rlLog "cleanup"
rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
- should give a more desciptive error
rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1184"
rlPhaseEnd
@@ -312,7 +321,8 @@ run_rhcs_ca_installer_tests()
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile13.in"
sed -i -e "/pki_security_domain_name=/s/=.*/=$secdomain_name/g" $TmpDir/tmpconfigfile13.in
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile13.in"
- local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2)
+ rlRun "sleep 10"
+ local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2)
rlRun "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias -w $password securitydomain-show > $TmpDir/long_sec_domain_name.out"
exp_messg1="Domain: $secdomain_name"
rlAssertGrep "$exp_messg1" "$TmpDir/long_sec_domain_name.out"
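Review bot: The added `rlRun "sleep 10"` is a fixed delay, not a readiness check, so the following `securitydomain-show` can still run before the instance is serving on a slow host and wastes ten seconds on a fast one. A bounded retry on the `pki ... securitydomain-show` call, or polling the secure port until it answers, would make the test deterministic. Separately, the context lines pass the internal database password as `-w $password` inside `rlRun`, which presumably records the command line in the test log; if these logs are archived or shared, it is worth confirming that this is acceptable for the test environment.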
@@ -326,62 +336,52 @@ run_rhcs_ca_installer_tests()
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile14.in"
sed -i -e "/pki_ds_password=/s/=.*/=$password/g" $TmpDir/tmpconfigfile14.in
- rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile14.in > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail"
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile14.in > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail"
#expected o/p and cleanup
exp_messg1="ERROR: Unable to access directory server: Invalid credentials"
rlAssertGrep "$exp_messg1" "$TmpDir/wrong_ds_passwd.out"
rlPhaseEnd
-# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user"
-# local username=rhcs
-# local expfile=$TmpDir/expect-test-018.out
-# local expfile2=$TmpDir/expect-test-018-02.out
-# local password1=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
-# echo "spawn -noecho "passwd"" > $expfile
-# echo "expect \"Changing password for user root \"" >> $expfile
-# echo "expect \"New password: \"" >> $expfile
-# echo "send -- \"$password1\r\"" >> $expfile
-# echo "expect \"Retype new password: \"" >> $expfile
-# echo "send -- \"$password1\r\"" >> $expfile
-# echo "expect eof" >> $expfile
-# echo "catch wait result" >> $expfile
-# echo "exit [lindex \$result 3]" >> $expfile
-# rlRun "/usr/bin/expect -f $expfile > $TmpDir/change_password.out 2>&1"
-# rlRun "adduser $username"
-# rlRun "su $username"
-# rlRun "cp $INSTANCECFG /home/$username/tmpconfigfile15.in"
-# rlLog "Copying config file into temp file"
-# rlRun "pkispawn -s CA -f /home/$username/tmpconfigfile15.in > /home/$username/nonroot.out 2>&1" 1 "Should fail"
-# exp_messg1="'/usr/sbin/pkispawn' must be run as root!"
-# rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out"
-# #expected output & cleanup
-# echo "spawn -noecho "su root"" > $expfile2
-# echo "expect \"password \"" >> $expfile2
-# echo "send -- \"$password1\r\"" >> $expfile2
-# rlRun "/usr/bin/expect -f $expfile2"
-# rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user"
+ local username=rhcs
+ rlRun "useradd $username"
+ rlRun "cp $INSTANCECFG /home/$username/tmpconfigfile15.in"
+ rlRun "su -c \"pkispawn -s CA -f /home/$username/tmpconfigfile15.in > /home/$username/nonroot.out 2>&1\" $username" 1 "pkispawn as non-root user should fail"
+ exp_messg1="'/usr/sbin/pkispawn' must be run as root!"
+ rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out"
+ rlRun "userdel -r $username"
+ rlPhaseEnd
+
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname"
local nickname=rh@cs/-$%%!!red^hat
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile16.in"
- sed -i -e ' pki_ca_signing_nickname= s =.*/=rh@cs/-$%%!!red^hat g' $TmpDir/tmpconfigfile16.in
+ sed -i -e 's pki_ca_signing_nickname=.* pki_ca_signing_nickname=rh@cs/-$%%!!red^hat g' $TmpDir/tmpconfigfile16.in
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile16.in > $TmpDir/subjectdn_special_char.out"
+
#expected output & cleanup
- #ask about this, same problem as subject dn
- rlLog "cleanup"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
rlPhaseEnd
+
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-020: ds password not provided"
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile17.in"
sed -i -e "/pki_ds_password=/d" $TmpDir/tmpconfigfile17.in
- rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile17.in > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail"
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile17.in > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail"
exp_messg1="pkispawn : ERROR A value for 'pki_ds_password' MUST be defined in '$TmpDir/tmpconfigfile17.in'"
rlAssertGrep "$exp_messg1" "$TmpDir/no_ds_password.out"
- expected output & cleanup
+ # expected output & cleanup
rlPhaseEnd
-
+
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-021: token and token password"
rlRun "pkispawn -s CA -f $INSTANCECFG"
local password_token=$(eval echo \$${prefix}_TOKEN_PASSWORD)
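Review bot: Test 018 uses the fixed account name `rhcs` without checking that it is free: if `useradd $username` fails because the account already exists, the phase carries on and the closing `userdel -r $username` removes that pre-existing account together with its home directory. A guard before creation would make this explicit, e.g. `rlRun "id $username" 1 "test account must not exist yet"`. The phase also copies `$INSTANCECFG` into `/home/$username`, and other phases in this file edit `pki_ds_password=` in that same file, so the copy presumably carries directory-server credentials into an unprivileged home until the `userdel -r`. Since the test only needs pkispawn to reject the non-root caller, the copy could be stripped first with `sed -i -e "/password=/d" /home/$username/tmpconfigfile15.in`. The function body starts and ends outside this hunk.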
@@ -394,53 +394,53 @@ run_rhcs_ca_installer_tests()
rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin paramneters"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin parameters BZ1165875"
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile19.in"
sed -i -e "/pki_admin_email=/s/=.*/=pki-ca-test/g" $TmpDir/tmpconfigfile19.in
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile19.in > $TmpDir/invalid_email.out 2>&1" 1 "Should fail"
- exp_messg="Installation failed"
- rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out"
- rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
- ###not failing##
+ exp_messg="Installation failed"
+ rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1165875"
rlPhaseEnd
-# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration"
-# rlLog "Copying config file into temp file"
-# rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile20.in"
-# sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/tmpconfigfile20.in
-# rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile20.in > $TmpDir/skip_config.out"
-# exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' instance"
-# rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out"
-# exp_messg1_2="must still be configured!"
-# rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out"
-# rlPhaseEnd
-# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation"
-# rlLog "Copying config file into temp file"
-# rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile21.in"
-# sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/tmpconfigfile21.in
-# rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile21.in > $TmpDir/skip_install.out"
-# exp_message1="Administrator's username: $(eval echo \$${prefix}_ADMIN_USER)"
-# rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out"
-# exp_message2="$(eval echo \$${prefix}_DOMAIN)"
-# rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out"
-# exp_message3_1="To check the status of the subsystem:"
-# rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out"
-# exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
-# rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out"
-# exp_message4_1="To restart the subsystem:"
-# rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out"
-# exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
-# rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out"
-# exp_message5="The URL for the subsystem is:"
-# rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out"
-# exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca"
-# rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out"
-# rlLog "cleanup"
-# rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
-# rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile20.in"
+ sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/tmpconfigfile20.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile20.in > $TmpDir/skip_config.out"
+ exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' instance"
+ rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out"
+ exp_messg1_2="must still be configured!"
+ rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile21.in"
+ sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/tmpconfigfile21.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile21.in > $TmpDir/skip_install.out"
+ exp_message1="Administrator's username: $(eval echo \$${prefix}_ADMIN_USER)"
+ rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out"
+ exp_message2="$(eval echo \$${prefix}_DOMAIN)"
+ rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out"
+ exp_message3_1="To check the status of the subsystem:"
+ rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out"
+ exp_message4_1="To restart the subsystem:"
+ rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out"
+ exp_message5="The URL for the subsystem is:"
+ rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out"
+ exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca"
+ rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out"
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running"
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running"
rlLog "Copying config file into temp file"
rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile22.in"
rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile22.in > $TmpDir/install_1.out"
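Review bot: The re-enabled test 023 spawns a CA with `pki_skip_configuration=True` and reaches `rlPhaseEnd` without a `pkidestroy`. Test 024 then runs `pkispawn -s CA` from a copy of the same `$INSTANCECFG`, while the unconfigured instance left by 023 is, as far as this hunk shows, still installed. Test 024 has its own cleanup, so 023 should get the same two lines before its `rlPhaseEnd`: `rlLog "cleanup"` and `rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"`. Without it, a failure in 024 cannot be told apart from a leftover of 023. The function starts and ends outside this hunk.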
@@ -460,11 +460,218 @@ run_rhcs_ca_installer_tests()
rlRun "certutil -L -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias > $TmpDir/empty_nickname.out"
exp_messg1="(NULL)"
rlAssertGrep "$exp_messg1" "$TmpDir/empty_nickname.out"
- expected output & cleanup
+ #expected output & cleanup
rlLog "cleanup"
rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
- installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util
+ #installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util
rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1184"
rlPhaseEnd
-
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-027: Token password parameter has special characters"
+ token_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile27.in"
+ sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile27.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile27.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-028: Client pkcs12 password parameter has special characters"
+ client_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile28.in"
+ sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile28.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile28.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-029: Admin password parameter has special characters"
+ admin_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile29.in"
+ sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile29.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile29.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-030: Backup password parameter has special characters"
+ backup_password="{\&+\$\@*!%"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile30.in"
+ sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile30.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile30.in > $TmpDir/ca30.out 2>&1"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-031: Client database password parameter has special characters"
+ clientdb_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile31.in"
+ sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile31.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile31.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-032: Interactive CA installation"
+ rlLog "Interactive pkispawn of CA"
+ local expfile=$TmpDir/expectfile.in
+ echo "set timeout 5" > $expfile
+ echo "set force_conservative 0" >> $expfile
+ echo "set send_slow {1 .1}" >> $expfile
+ echo "spawn -noecho pkispawn" >> $expfile
+ echo "expect \"Subsystem \(CA/KRA/OCSP/TKS/TPS\) \[CA\]: \"" >> $expfile
+ echo "send -- \"\r\"" >> $expfile
+ echo "expect \"Instance \[pki-tomcat\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)\r\"" >> $expfile
+ echo "expect \"HTTP port \[8080\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_UNSECURE_PORT)\r\"" >> $expfile
+ echo "expect \"Secure HTTP port \[8443\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_SECURE_PORT)\r\"" >> $expfile
+ echo "expect \"AJP port \[8009\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_AJP_PORT)\r\"" >> $expfile
+ echo "expect \"Management port \[8005\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_TOMCAT_SERVER_PORT)\r\"" >> $expfile
+ echo "expect \"Username \[caadmin\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_ADMIN_USER)\r\"" >> $expfile
+ echo "expect \"Password: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_ADMIN_PASSWORD)\r\"" >> $expfile
+ echo "expect \"Verify password: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_ADMIN_PASSWORD)\r\"" >> $expfile
+ echo "expect \"Import certificate (Yes\/No) \[N\]? \"" >> $expfile
+ if [ $(eval echo \$${prefix}_ADMIN_IMPORT_CERT) = "False" ]; then
+ echo "send -- \"\r\"" >> $expfile
+ else
+ echo "send -- \"Y\r\"" >> $expfile
+ fi
+ echo "expect \"Export certificate to \[/root/.dogtag/pki-tomcat/ca_admin.cert\]: \"" >> $expfile
+ echo "send -- \"/root/.dogtag/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/ca_admin.cert\r\"" >> $expfile
+ echo "expect \"Hostname \[`hostname`\]: \"" >> $expfile
+ echo "send -- \"$LDAP_HOSTNAME\r\"" >> $expfile
+ echo "expect \"Use a secure LDAPS connection (Yes\/No\/Quit) \[N\]? \"" >> $expfile
+ echo "send -- \"\r\"" >> $expfile
+ echo "expect \"Port \[389\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_LDAP_PORT)\r\"" >> $expfile
+ echo "expect \"Bind DN \[cn=Directory Manager\]: \"" >> $expfile
+ echo "send -- \"$LDAP_ROOTDN\r\"" >> $expfile
+ echo "expect \"Password: \"" >> $expfile
+ echo "send -- \"$LDAP_ROOTDNPWD\r\"" >> $expfile
+ echo "expect \"Base DN \[o=pki-tomcat-CA\]: \"" >> $expfile
+ echo "send -- \"$(eval echo \$${prefix}_DB_SUFFIX)\r\"" >> $expfile
+ echo "expect \"Name \[`hostname -d` Security Domain\]: \"" >> $expfile
+ echo "send -- \"\r\"" >> $expfile
+ echo "expect \"Begin installation (Yes/No/Quit)? \"" >> $expfile
+ echo "send -- \"Yes\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pkispawn_ca.out 2>&1" 0 "Interactive pkispawn of CA should be successful"
+ rlRun "sleep 10"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-033: Security domain password parameter has special characters"
+ sec_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile32.in"
+ sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile32.in
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile32.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-034: CA signed by an external CA - Dogtag Certificate"
+ number=1
+ csr_file=$TmpDir/ca_signing.csr
+ certtype="Dogtag"
+ run_rhcs_install_packages
+ run_install_subsystem_RootCA
+ run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12"
+ rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $admin_cert_nickname $SUBSYSTEM_HOST"
+ rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $admin_cert_nickname $SUBSYSTEM_HOST
+ rlRun "remove-ds.pl -f -i slapd-pki-subca${number}" 0 "SUBCA ldap instance removed"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-035: CA signed by an external CA - Microsoft CA Certificate"
+ number=1
+ csr_file=$TmpDir/msca_signing.csr
+ certtype="MSCA"
+ run_rhcs_install_packages
+ rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype"
+ rhcs_install_CAwithExtCA $number $csr_file $certtype
+ rlRun "pkidestroy -s CA -i $(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+ rlRun "remove-ds.pl -f -i slapd-pki-subca${number}" 0 "SUBCA ldap instance removed"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ if [ "$prefix" = "ROOTCA" ]; then
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ elif [[ $subsystemId = SUBCA* ]]; then
+ rlRun "remove-ds.pl -f -i slapd-pki-subca1" 0 "SUBCA ldap instance removed"
+ fi
+ rlPhaseEnd
}
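Review bot: In test 034 the line `rlLog "rhcs_install_CAwithExtCA ... $CLIENT_PKCS12_PASSWORD ..."` writes the client PKCS#12 password into the test log in clear text, next to the path of the .p12 file it protects (`$ROOTCA_ADMIN_CERT_LOCATION`). Test journals are typically archived and read outside the test host, so I would log the call with a fixed marker such as `<pkcs12-password>` in place of that argument. The call itself stays unchanged. The interactive test 032 also writes `${prefix}_ADMIN_PASSWORD` and `$LDAP_ROOTDNPWD` into `$TmpDir/expectfile.in`. That file is removed only by the `rm -r $TmpDir` in the cleanup phase, which deserves a one-line comment, e.g. `# expect script holds admin and LDAP passwords; keep it under $TmpDir`. The function starts outside this hunk.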
diff --git a/tests/dogtag/acceptance/install-tests/kra-installer.sh b/tests/dogtag/acceptance/install-tests/kra-installer.sh
index ca172904d..07111ce31 100644
--- a/tests/dogtag/acceptance/install-tests/kra-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/kra-installer.sh
@@ -34,61 +34,179 @@ run_rhcs_kra_installer_tests()
SUBSYSTEM_TYPE=$2
MYROLE=$3
if [ "$TOPO9" = "TRUE" ] ; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ if [[ $subsystemId == SUBCA* ]]; then
prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
- else
- ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ else
prefix=ROOTCA
- CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
- fi
+ fi
else
- ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
prefix=$MYROLE
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
INSTANCECFG=/tmp/kra_instance.inf
##### Create a temporary directory to save output files #####
rlPhaseStartSetup "pki_run_rhcs_kra_installer_tests: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-001: Installing and Uninstalling KRA"
- local number=3
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-001: Installing and Uninstalling KRA"
+ local number=3
local BEAKERMASTER=`hostname`
local CA=ROOTCA
run_rhcs_install_packages
- run_install_subsystem_RootCA
- run_install_subsystem_KRA $number $BEAKERMASTER $CA
+ run_install_subsystem_RootCA
+ run_install_subsystem_kra $number $BEAKERMASTER $CA
rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
- exp_message2_2="PKI Subsystem Type: (Security Domain)"
+ exp_message2_2="PKI Subsystem Type: DRM"
rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
rlLog "Uninstall KRA tests"
rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
- exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallKRA.out"
+ exp_message2_3="Uninstallation complete"
rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallKRA.out"
-
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-002: SSL cert parameters"
cp $INSTANCECFG $TmpDir/tmpconfig1.in
sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
rlRun "pkispawn -s KRA -f $TmpDir/tmpconfig1.in > $TmpDir/kra_ssl.out 2>&1" 1 "Should fail"
- exp_messg3="Installation Failed."
+ exp_messg3="Installation failed."
rlAssertGrep "$exp_messg3" "$TmpDir/kra_ssl.out"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallKRA.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlRun "sleep 20"
rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-003: Token password parameter has special characters"
+ token_password="{\&+\$\@*!"
+ INSTANCECFG_CA=/tmp/ca_instance.inf
+ rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA"
+ rlRun "sleep 20"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+ sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+ rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile3.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+ exp_message2_2="PKI Subsystem Type: DRM"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-004: Client pkcs12 password parameter has special characters"
+ client_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+ sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+ rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile4.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+ exp_message2_2="PKI Subsystem Type: DRM"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-005: Admin password parameter has special characters"
+ admin_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+ sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+ rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile5.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+ exp_message2_2="PKI Subsystem Type: DRM"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-006: Backup password parameter has special characters"
+ backup_password="{\&+\$\@*!%"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+ sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+ rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile6.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+ exp_message2_2="PKI Subsystem Type: DRM"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-007: Client database password parameter has special characters"
+ clientdb_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+ sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+ rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile7.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+ exp_message2_2="PKI Subsystem Type: DRM"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+ sec_password="{\&+\$\@*!"
+ rlLog "Copying KRA config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+ sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+ rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile8.in > $TmpDir/kra8.out 2>&1"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out"
+ exp_message2_2="PKI Subsystem Type: DRM"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA"
+ rlRun "sleep 20"
+ rlLog "https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "pki_run_rhcs_kra_installer_tests-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlRun "remove-ds.pl -f -i slapd-pki-kra3-ldap" 0 "KRA ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlPhaseEnd
}
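Review bot: Test 003 introduces `INSTANCECFG_CA=/tmp/ca_instance.inf` and runs `pkispawn -s CA -f $INSTANCECFG_CA`, so a CA deployment configuration is read from a fixed, predictable name in a world-writable directory, like the existing `/tmp/kra_instance.inf`. Nothing in the hunk checks who owns that file. The phases here show that this family of files carries password settings (`pki_token_password=`, `pki_admin_password=`, `pki_security_domain_password=`), so on a shared host another local account could read it, or place or replace it before the spawn. I would add an ownership check ahead of the install, `rlRun "test -O $INSTANCECFG_CA -a ! -L $INSTANCECFG_CA" 0 "CA config is owned by us and is not a symlink"`, or have the generator write both files under a `mktemp -d` directory. The function starts outside this hunk.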
diff --git a/tests/dogtag/acceptance/install-tests/ocsp-installer.sh b/tests/dogtag/acceptance/install-tests/ocsp-installer.sh
index 08b4f9b19..94c6b382d 100644
--- a/tests/dogtag/acceptance/install-tests/ocsp-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/ocsp-installer.sh
@@ -34,61 +34,177 @@ run_rhcs_ocsp_installer_tests()
SUBSYSTEM_TYPE=$2
MYROLE=$3
if [ "$TOPO9" = "TRUE" ] ; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ if [[ $subsystemId == SUBCA* ]]; then
prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
- else
- ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ else
prefix=ROOTCA
- CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
- fi
+ fi
else
- ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
prefix=$MYROLE
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
INSTANCECFG=/tmp/ocsp_instance.inf
##### Create a temporary directory to save output files #####
rlPhaseStartSetup "pki_run_rhcs_ocsp_installer_tests: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-001: Installing and Uninstalling OCSP"
- local number=3
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-001: Installing and Uninstalling OCSP"
+ local number=3
local BEAKERMASTER=`hostname`
local CA=ROOTCA
run_rhcs_install_packages
- run_install_subsystem_RootCA
- run_install_subsystem_OCSP $number $BEAKERMASTER $CA
+ run_install_subsystem_RootCA
+ run_install_subsystem_ocsp $number $BEAKERMASTER $CA
rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
- exp_message2_2="PKI Subsystem Type: (Security Domain)"
+ exp_message2_2="PKI Subsystem Type: OCSP"
rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
rlLog "Uninstall OCSP tests"
- rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
- exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallOCSP.out"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallOCSP.out
+ exp_message2_3="Uninstallation complete"
rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallOCSP.out"
-
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-002: SSL cert parameters"
cp $INSTANCECFG $TmpDir/tmpconfig1.in
sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfig1.in > $TmpDir/ocsp_ssl.out 2>&1" 1 "Should fail"
- exp_messg3="Installation Failed."
+ exp_messg3="Installation failed."
rlAssertGrep "$exp_messg3" "$TmpDir/ocsp_ssl.out"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled OCSP"
+ rlRun "sleep 20"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlRun "sleep 20"
rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-003: Token password parameter has special characters"
+ token_password="{\&+\$\@*!"
+ INSTANCECFG_CA=/tmp/ca_instance.inf
+ rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA"
+ rlRun "sleep 20"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+ sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+ rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile3.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+ exp_message2_2="PKI Subsystem Type: OCSP"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-004: Client pkcs12 password parameter has special characters"
+ client_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+ sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+ rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile4.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+ exp_message2_2="PKI Subsystem Type: OCSP"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-005: Admin password parameter has special characters"
+ admin_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+ sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+ rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile5.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+ exp_message2_2="PKI Subsystem Type: OCSP"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-006: Backup password parameter has special characters"
+ backup_password="{\&+\$\@*!%"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+ sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+ rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile6.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+ exp_message2_2="PKI Subsystem Type: OCSP"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-007: Client database password parameter has special characters"
+ clientdb_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+ sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+ rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile7.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+ exp_message2_2="PKI Subsystem Type: OCSP"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+ sec_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+ sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+ rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile8.in > $TmpDir/ocsp8.out 2>&1"
+ rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out"
+ exp_message2_2="PKI Subsystem Type: OCSP"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall OCSP"
+ rlRun "sleep 20"
+ rlLog "https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "pki_run_rhcs_ocsp_installer_tests-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlRun "remove-ds.pl -f -i slapd-pki-ocsp3-ldap" 0 "OCSP ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlPhaseEnd
}
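Review bot: Test 004 redirects the `pkidaemon status tomcat` output to `$TmpDir/kra-install.out`, but the two `rlAssertGrep` calls after it read `$TmpDir/ocsp-install.out`. Those assertions therefore re-check the file written by test 003 and say nothing about the instance spawned with the special-character PKCS#12 password. The redirect should name the file being checked: `rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"`. The enclosing function `run_rhcs_ocsp_installer_tests` begins before this hunk.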
diff --git a/tests/dogtag/acceptance/install-tests/tks-installer.sh b/tests/dogtag/acceptance/install-tests/tks-installer.sh
index 654a2a1cd..3959f04dd 100644
--- a/tests/dogtag/acceptance/install-tests/tks-installer.sh
+++ b/tests/dogtag/acceptance/install-tests/tks-installer.sh
@@ -34,61 +34,180 @@ run_rhcs_tks_installer_tests()
SUBSYSTEM_TYPE=$2
MYROLE=$3
if [ "$TOPO9" = "TRUE" ] ; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ if [[ $subsystemId == SUBCA* ]]; then
prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
- else
- ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
+ else
prefix=ROOTCA
- CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
- fi
+ fi
else
- ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
prefix=$MYROLE
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
INSTANCECFG=/tmp/tks_instance.inf
##### Create a temporary directory to save output files #####
rlPhaseStartSetup "pki_run_rhcs_tks_installer_tests: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
rlPhaseEnd
- rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-001: Installing and Uninstalling TKS"
- local number=3
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-001: Installing and Uninstalling TKS"
+ local number=1
local BEAKERMASTER=`hostname`
local CA=ROOTCA
run_rhcs_install_packages
- run_install_subsystem_RootCA
- run_install_subsystem_TKS $number $BEAKERMASTER $CA
+ run_install_subsystem_RootCA
+ run_install_subsystem_tks $number $BEAKERMASTER $CA
rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
- exp_message2_2="PKI Subsystem Type: (Security Domain)"
+ exp_message2_2="PKI Subsystem Type: TKS"
rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
rlLog "Uninstall TKS tests"
- rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out
- exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallTKS.out"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTKS.out
+ exp_message2_3="Uninstallation complete"
rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTKS.out"
-
rlPhaseEnd
rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-002: SSL cert parameters"
cp $INSTANCECFG $TmpDir/tmpconfig1.in
sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
rlRun "pkispawn -s TKS -f $TmpDir/tmpconfig1.in > $TmpDir/tks_ssl.out 2>&1" 1 "Should fail"
- exp_messg3="Installation Failed."
+ exp_messg3="Installation failed."
rlAssertGrep "$exp_messg3" "$TmpDir/tks_ssl.out"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTKS.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTKS.out"
+ rlRun "sleep 20"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlRun "sleep 20"
rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-003: Token password parameter has special characters"
+ token_password="{\&+\$\@*!"
+ INSTANCECFG_CA=/tmp/ca_instance.inf
+ rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA"
+ rlRun "sleep 20"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+ sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+ rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile3.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+ exp_message2_2="PKI Subsystem Type: TKS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-004: Client pkcs12 password parameter has special characters"
+ client_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+ sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+ rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile4.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+ exp_message2_2="PKI Subsystem Type: TKS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-005: Admin password parameter has special characters"
+ admin_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+ sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+ rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile5.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+ exp_message2_2="PKI Subsystem Type: TKS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-006: Backup password parameter has special characters"
+ backup_password="{\&+\$\@*!%"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+ sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+ rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile6.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+ exp_message2_2="PKI Subsystem Type: TKS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-007: Client database password parameter has special characters"
+ clientdb_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+ sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+ rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile7.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+ exp_message2_2="PKI Subsystem Type: TKS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+ rlRun "sleep 20"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+ sec_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+ sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+ rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile8.in > $TmpDir/tks8.out 2>&1"
+ rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out"
+ exp_message2_2="PKI Subsystem Type: TKS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS"
+ rlRun "sleep 20"
+ rlLog "https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "pki_run_rhcs_tks_installer_tests-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlRun "remove-ds.pl -f -i slapd-pki-tks1-ldap" 0 "TKS ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlPhaseEnd
}
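Review bot: `INSTANCECFG_CA=/tmp/ca_instance.inf` in test 003 points `pkispawn` at a configuration file with a fixed name in world-writable `/tmp`, and these configuration files carry the instance passwords that the tests rewrite with `sed`. The code that creates the file is outside this hunk, so this is an inference: unless it is created exclusively and with a restrictive mode, another local account on the test host could pre-create or read it. Placing it in the `mktemp -d` directory that the setup phase already creates, e.g. `INSTANCECFG_CA=$TmpDir/ca_instance.inf`, would avoid this, provided the install library writes to the same path. The same assignment is added in the ocsp-installer.sh hunk, and tps-installer.sh uses `/tmp/tps_instance.inf`. The enclosing function starts before this hunk.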
diff --git a/tests/dogtag/acceptance/install-tests/tps-installer.sh b/tests/dogtag/acceptance/install-tests/tps-installer.sh
new file mode 100755
index 000000000..28f90aca2
--- /dev/null
+++ b/tests/dogtag/acceptance/install-tests/tps-installer.sh
@@ -0,0 +1,242 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/installer-tests/tps-installer.sh
+# Description: PKI TPS Installer Test
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Include files
+. ./acceptance/quickinstall/rhcs-set-time.sh
+. ./acceptance/quickinstall/rhcs-install.sh
+. ./acceptance/quickinstall/rhcs-install-lib.sh
+. /opt/rhqa_pki/env.sh
+run_rhcs_tps_installer_tests()
+{
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+ else
+ prefix=$MYROLE
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ INSTANCECFG=/tmp/tps_instance.inf
+ ##### Create a temporary directory to save output files #####
+ rlPhaseStartSetup "pki_run_rhcs_tps_installer_tests: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-001: Installing and Uninstalling TPS BZ1188331"
+ local number=3
+ local BEAKERMASTER=`hostname`
+ local CA=ROOTCA
+ local KRA=KRA3
+ local TKS=TKS1
+ local TKS_number=1
+ local TPS_number=1
+ run_rhcs_install_packages
+ run_install_subsystem_RootCA
+ run_install_subsystem_kra $number $BEAKERMASTER $CA
+ run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+ run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $KRA $TKS
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: tps"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ rlLog "Uninstall TPS tests"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTPS.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTPS.out"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-002: Server side keygen is set to false, installation successful BZ1188331"
+ cp $INSTANCECFG $TmpDir/tmpconfig2.in
+ sed -i -e "/pki_enable_server_side_keygen=/s/=.*/=False/g" $TmpDir/tmpconfig2.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_kra_uri/d" $TmpDir/tmpconfig2.in
+ rlRun "sleep 5"
+ rlRun "pkispawn -s TPS -v -f $TmpDir/tmpconfig2.in > $TmpDir/tps_keygen.out 2>&1" 0 "Should pass"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ rlLog "Uninstall TPS tests"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTPS.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTPS.out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-003: Token password parameter has special characters BZ1188331"
+ token_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+ sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile3.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-004: Client pkcs12 password parameter has special characters BZ1188331"
+ client_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+ sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile4.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-005: Admin password parameter has special characters BZ1188331"
+ admin_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+ sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile5.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-006: Backup password parameter has special characters BZ1188331"
+ backup_password="{\&+\$\@*!%"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+ sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile6.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-007: Client database password parameter has special characters BZ1188331"
+ clientdb_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+ sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile7.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+ sec_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+ sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile8.in > $TmpDir/tps8.out 2>&1"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-009: SSL cert parameters"
+ cp $INSTANCECFG $TmpDir/tmpconfig1.in
+ sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfig1.in > $TmpDir/tps_ssl.out 2>&1" 1 "Should fail"
+ exp_messg3="Installation failed."
+ rlAssertGrep "$exp_messg3" "$TmpDir/tps_ssl.out"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "pki_run_rhcs_tps_installer_tests-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-kra3-ldap" 0 "KRA ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-tks1-ldap" 0 "TKS ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-tps1-ldap" 0 "TPS ldap instance removed"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled TPS"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled TKS"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled KRA"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlPhaseEnd
+}
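Review bot: The expected `PKI Subsystem Type` string is inconsistent across tests of the same subsystem: test 001 greps for `tps`, test 002 for `(Security Domain)`, and tests 003–008 for `TPS`. `rlAssertGrep` is case-sensitive unless passed `-i`, so at most one spelling can match the TPS entry in the `pkidaemon status` output. `(Security Domain)` is also the value this commit replaces in the OCSP and TKS installers. If the status output names the subsystem as it does for the others, tests 001 and 002 should both use `exp_message2_2="PKI Subsystem Type: TPS"`. The real output is not visible here, so confirm against a run.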
diff --git a/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh b/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh
new file mode 100755
index 000000000..17e7557df
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh
@@ -0,0 +1,5703 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy/tps-tests/tps-enrollments.sh
+# Description: TPS Enrollment tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_tps-enrollment_tests()
+{
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for tps-enrollments tests
+ rlPhaseStartSetup "pki_tps_enrollments Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ local target_unsecure_port=$(eval echo \$${TPS_INST}_UNSECURE_PORT)
+ local target_secure_port=$(eval echo \$${TPS_INST}_SECURE_PORT)
+ local tmp_ca_admin=$CA_INST\_adminV
+ local tmp_ca_agent=$CA_INST\_agentV
+ local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local tmp_tps_host=$(eval echo \$${cs_Role})
+ local valid_admin_cert=$TPS_INST\_adminV
+ local valid_agent_cert=$TPS_INST\_agentV
+ local valid_admin1_cert=$TPS_INST\_admin1V
+ local valid_agent1_cert=$TPS_INST\_agent1V
+ local valid_admin_user=$TPS_INST\_adminV
+ local valid_admin_user_password=$TPS_INST\_adminV_password
+
+ rlPhaseStartTest "pki_tps_enrollments-001: Add an LDAP user and enroll a token using tpsclient"
+ ldap_user_num=001
+ change_type="add"
+ passwd="redhat"
+ local tps_out="$TmpDir/admin_out_tpsenroll001"
+ local cuid="10000000000000000001"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers001.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers001.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers001.ldif | grep uid: | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll001.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll001.test
+ /usr/bin/tpsclient < $TmpDir/enroll001.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-002: Pin reset a token using tpsclient"
+ local tps_out="$TmpDir/admin_out_tpsenroll002"
+ local cuid="10000000000000000001"
+ rlLog "gen_pin_reset_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/pinreset002.test"
+ gen_pin_reset_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/pinreset002.test
+ /usr/bin/tpsclient < $TmpDir/pinreset002.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_reset_pin' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-003: Format a token using tpsclient"
+ local tps_out="$TmpDir/admin_out_tpsenroll003"
+ local cuid="10000000000000000001"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format003.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format003.test
+ /usr/bin/tpsclient < $TmpDir/format003.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ #Cleanup
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ #### TPS audit logging is not functional yet. https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007
+
+ rlPhaseStartTest "pki_tps_enrollments-004: Perform 50 enrollments"
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 50 > $TmpDir/ldapusers004.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers004.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 51 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="3000000000000000000$i"
+ else
+ cuid="300000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers004.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ i=1
+ while [ $i -lt 51 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="3000000000000000000$i"
+ else
+ cuid="300000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ #Cleanup
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-005: Edit the key size property of userKey profile - BZ 1192232"
+ header_005="$TmpDir/header005"
+ local tps_out="$TmpDir/admin_out_tpsenroll0053"
+ local cuid="10000000000000000053"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers005.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers005.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers005.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test
+ /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token. Implement that after https://fedorahosted.org/pki/ticket/1164 is fixed
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ #done
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate005"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile005"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile005" 0 "Download user key profile to a file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile005
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile005
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile005 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/verifykeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/verifykeysize005"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/verifykeysize005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/changestate005"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+ /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlLog "gen_enroll_data_file $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test
+ /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been applied
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ #done
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+ /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/changestate005"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile005
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile005
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile005 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/verifykeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/verifykeysize005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/changestate005"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been applied
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ #done
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+ /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-006: Admin cannot edit userKey profile unless Agent disables the profile"
+ header_006="$TmpDir/header006"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile006"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile006" 0 "Download user key profile to a file"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key keySize and update the profile. This should fail."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile006
+ rlLog "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 403 Forbidden" "$header_006"
+ rlAssertGrep "Unable to update profile userKey" "$TmpDir/changekeysize006"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate006"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+ #Revert back the changes
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile006
+ rlLog "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate006"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-007: Enrollment fails when profile is disabled - BZ 1192232"
+ header_007="$TmpDir/header007"
+ local tps_out="$TmpDir/admin_out_tpsenroll0054"
+ local cuid="10000000000000000054"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled and disable it."
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate007"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+ rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/changestate007"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers007.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers007.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers007.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0054.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0054.test
+ /usr/bin/tpsclient < $TmpDir/enroll0054.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format007.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format007.test
+ /usr/bin/tpsclient < $TmpDir/format007.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ #Revert back the change
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_enrollments-008: Agent approves the profile changes made by Admin"
+ header_008="$TmpDir/header008"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile008"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile008" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile008
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile008
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile008 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/currentstate008"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ #Revert back the changes
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile008
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile008
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile008 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile008 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024" "$TmpDir/currentstate008"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-009: Enrollment fails when profile is in Pending_Approval state"
+ header_009="$TmpDir/header009"
+ local tps_out="$TmpDir/admin_out_tpsenroll0055"
+ local cuid="10000000000000000055"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled and disable it."
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile009"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile009" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile009
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile009
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile009 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize009"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers009.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers009.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0055.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0055.test
+ /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "Approve the profile changes"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/currentstate009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/currentstate009"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been applied
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ #done
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format009.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format009.test
+ /usr/bin/tpsclient < $TmpDir/format009.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Revert back the change
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile009
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile009
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile009 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize009"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024" "$TmpDir/currentstate009"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+ /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ #Verify the certs on the token to check if the key size changes have been reverted
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ #done
+
+ /usr/bin/tpsclient < $TmpDir/format009.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-010: Create a new profile using the properties of userKey profile and agent approves"
+ header_010="$TmpDir/header010"
+ local tps_out="$TmpDir/admin_out_tpsenroll0056"
+ local cuid="10000000000000000056"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled."
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate010"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile010"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile010" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlLog "Delete the userKey profile"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize010"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_010"
+ rlLog "Verify the profile userKey has been deleted"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+ rlAssertGrep "HTTP/1.1 404 Not Found" "$header_010"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile010
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile010
+ rlLog "Create a profile with the name userKey"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/userkey-profile010 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles > $TmpDir/changekeysize010"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 201 Created" "$header_010"
+ rlLog "Verify the userKey profile has been created"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlLog "Enable the profile before attempting enrollment"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlLog "Enroll and format a token using tpsclient"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers010.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers010.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0056.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0056.test
+ /usr/bin/tpsclient < $TmpDir/enroll0056.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been reverted
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ done
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format010.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format010.test
+ /usr/bin/tpsclient < $TmpDir/format010.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Edit the keySize back to 1024"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile010
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile010
+ rlLog "Disable the profile before editing it"
+
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile010 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize010"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ /usr/bin/tpsclient < $TmpDir/enroll0056.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been reverted
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ done
+
+ /usr/bin/tpsclient < $TmpDir/format010.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_enrollments-011: Create a new profile userKey when userKey profile already exists"
+ header_011="$TmpDir/header011"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled."
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile011"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile011" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile011
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile011
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile011 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize011"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+ rlLog "Create a profile with the name userKey"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/userkey-profile011 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles > $TmpDir/changekeysize011"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 409 Conflict" "$header_011"
+
+ # Revert back the changes
+
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile011
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile011
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile011 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize011"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-012: Profile is not enabled if it is rejected by agent after modification to profile"
+ header_012="$TmpDir/header012"
+ local tps_out="$TmpDir/admin_out_tpsenroll0057"
+ local cuid="10000000000000000057"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled."
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate012"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile012"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile012" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate012"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile012
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile012
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile012 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize012"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+
+ rlLog "Reject the changes made to the profile"
+
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=reject > $TmpDir/changestate012"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+ rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/currentstate012"
+
+ #Revert the changes back
+
+ rlLog "Set the keySize to 1024 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile012
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile012
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile012 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize012"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate012"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+ rlRun "curl --dump-header $header_012 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_012"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate012"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers010.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers010.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0057.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0057.test
+ /usr/bin/tpsclient < $TmpDir/enroll0057.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ #Verify the certs on the token to check if the key size changes have been reverted
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ done
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format012.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format012.test
+ /usr/bin/tpsclient < $TmpDir/format012.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ ### TPS subsystem connection is not working. https://bugzilla.redhat.com/show_bug.cgi?id=1194050. 2 tests skipped.
+
+ rlPhaseStartTest "pki_tps_enrollments-013: Edit the mapping order of enrollment profile mapper - BZ 1192232"
+ header_013="$TmpDir/header013"
+ local tps_out="$TmpDir/admin_out_tpsenroll0058"
+ local cuid="10000000000000000058"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the mapping order of enroll profile mapping"
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/currentstate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlAssertGrep "<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2" "$TmpDir/currentstate013"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate013"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlLog "Download enroll mapping profile"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping013"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping013" 0 "Download enroll profile mapping to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+ rlLog "Set the enroll profile mapping order property to 2,0,1"
+ sed -i -e "s/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">2,0,1/g" $TmpDir/enroll-profile-mapping013
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/enroll-profile-mapping013 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/changeorder013"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate013"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers013.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers013.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers013.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0058.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0058.test
+ /usr/bin/tpsclient < $TmpDir/enroll0058.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format013.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format013.test
+ /usr/bin/tpsclient < $TmpDir/format013.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ #Revert back the change
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+
+ sed -i -e "s/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">2,0,1/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2/g" $TmpDir/enroll-profile-mapping013
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/enroll-profile-mapping013 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/changeorder013"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate013"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0058.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format013.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-014: Delete the existing enroll mapping profile and add a new one"
+ header_014="$TmpDir/header014"
+ local tps_out="$TmpDir/admin_out_tpsenroll0059"
+ local cuid="10000000000000000059"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the mapping order of enroll profile mapping"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/currentstate014"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate014"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate014"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+
+ rlLog "Download enroll mapping profile"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping014"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping014" 0 "Download enroll profile mapping to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/deletemapping014"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_014"
+ rlAssertNotGrep "enrollMappingResolver" "$TmpDir/deletemapping014"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers014.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers014.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers014.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0059.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0059.test
+ /usr/bin/tpsclient < $TmpDir/enroll0059.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format014.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format014.test
+ /usr/bin/tpsclient < $TmpDir/format014.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Create a new enroll profile mapping using the downloaded file"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/enroll-profile-mapping014 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings > $TmpDir/addenrollmapping014"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 201 Created" "$header_014"
+ rlAssertGrep "enrollMappingResolver" "$TmpDir/addenrollmapping014"
+
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate014"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0059.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format014.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-015: TPS process shutdown when the audit log (disk) is full - PKI ticket 1006"
+ header_015="$TmpDir/header015"
+ local tps_out="$TmpDir/admin_out_tpsenroll0060"
+ local cuid="10000000000000000060"
+ partition_created="false"
+ new_mount_dir="/tps-audit-logs"
+ #Create 2M ram-disk for the audit logs
+ rlRun "mkdir $new_mount_dir"
+ rlRun "mount -t tmpfs -o size=2M,mode=0755 tmpfs $new_mount_dir"
+ rlRun "chown pkiuser:pkiuser $new_mount_dir"
+ # Add appropriate selinux context to the partition:
+ semanage_loc="/usr/sbin/semanage"
+ rlRun "$semanage_loc fcontext -a -t pki_tomcat_log_t $new_mount_dir"
+ rlRun "restorecon -vR $new_mount_dir"
+ partition_created="true"
+
+ if [ $partition_created = "true" ]; then
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak015"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s,log.instance.SignedAudit.fileName=.*,log.instance.SignedAudit.fileName=$new_mount_dir/tps-audit.log,g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Check and delete audit failure message from error log
+ #no error log file
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers015.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers015.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers015.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format015.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format015.test
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0060.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0060.test
+ /usr/bin/tpsclient < $TmpDir/enroll0060.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Fill the disk
+ rlRun "dd if=/dev/zero of=$new_mount_dir/bigfile bs=10K count=117"
+#change ownership of the file
+ rlRun "chown pkiuser: $new_mount_dir/bigfile"
+
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0060.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Remove this when the bug is fixed
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Check the error log for message for failure to write to audit log
+ rlFail "No Audit log messages - https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ #Cleanup partition
+ rlRun "umount $new_mount_dir"
+ rlRun "rm -rf $new_mount_dir"
+ rlRun "rm -rf $tps_conf_bak"
+
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-016: TPS process shutdown when the signed audit log (disk) is full - PKI ticket 1006"
+ header_016="$TmpDir/header016"
+ local tps_out="$TmpDir/admin_out_tpsenroll0061"
+ local cuid="10000000000000000061"
+ partition_created="false"
+ new_mount_dir="/tps-audit-log1"
+ #Create 2M ram-disk for the audit logs
+ rlRun "mkdir $new_mount_dir"
+ rlRun "mount -t tmpfs -o size=2M,mode=0755 tmpfs $new_mount_dir"
+ rlRun "chown pkiuser:pkiuser $new_mount_dir"
+ # Add appropriate selinux context to the partition:
+ semanage_loc="/usr/sbin/semanage"
+ rlRun "$semanage_loc fcontext -a -t pki_tomcat_log_t $new_mount_dir"
+ rlRun "restorecon -vR $new_mount_dir"
+ partition_created="true"
+
+ if [ $partition_created = "true" ]; then
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak016"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s,log.instance.SignedAudit.fileName=.*,log.instance.SignedAudit.fileName=$new_mount_dir/tps-audit.log,g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.signedAuditCertNickname=.*/log.instance.SignedAudit.signedAuditCertNickname=$(eval echo \$${TPS_INST}_AUDIT_SIGNING_CERT_NICKNAME)/g" $tps_conf
+ rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.fileName)"
+ rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.logSigning)"
+ rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.signedAuditCertNickname)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Check and delete audit failure message from error log
+ #no error log file
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers016.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers016.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers016.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format016.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format016.test
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0061.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0061.test
+ /usr/bin/tpsclient < $TmpDir/enroll0061.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Fill the disk
+ rlRun "dd if=/dev/zero of=$new_mount_dir/bigfile bs=10K count=117"
+ #change ownership of the file
+ rlRun "chown pkiuser: $new_mount_dir/bigfile"
+
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0061.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Remove this when the bug is fixed
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Check the error log for message for failure to write to audit log
+ rlFail "No Audit log messages - https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ #Cleanup partition
+ rlRun "umount $new_mount_dir"
+ rlRun "rm -rf $new_mount_dir"
+ rlRun "rm -rf $tps_conf_bak"
+
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-017: Audit messages are flushed to the log file for every given flush interval - PKI ticket 1006"
+ header_017="$TmpDir/header017"
+ local tps_out="$TmpDir/admin_out_tpsenroll0062"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak017"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers017.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers017.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers017.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ rlLog "$i"
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-018: Audit messages are flushed to the log file for every given flush interval when the flush interval is longer - PKI ticket 1006"
+ header_018="$TmpDir/header018"
+ local tps_out="$TmpDir/admin_out_tpsenroll0063"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak018"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers018.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers018.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers018.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ #Wait for flush interval
+ rlRun "sleep 123"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-019: Audit messages are flushed to the log file for every given flush interval when the flush interval is 0 - PKI ticket 1006"
+ header_019="$TmpDir/header019"
+ local tps_out="$TmpDir/admin_out_tpsenroll0064"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak019"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers019.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers019.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers019.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-020: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog - PKI ticket 1006"
+ header_020="$TmpDir/header020"
+ local tps_out="$TmpDir/admin_out_tpsenroll0065"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak020"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers020.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers020.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers020.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ #Wait for flush interval
+ rlRun "sleep 5"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_enrollments-021: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and longer flush interval - PKI ticket 1006"
+ header_021="$TmpDir/header021"
+ local tps_out="$TmpDir/admin_out_tpsenroll0066"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak021"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers021.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers021.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers021.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 123"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-022: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and flush interval is 0 - PKI ticket 1006"
+ header_022="$TmpDir/header022"
+ local tps_out="$TmpDir/admin_out_tpsenroll0067"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak022"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers022.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers022.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers022.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-023: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog, buffer size is very small and flush interval is 5s - PKI ticket 1006"
+ header_023="$TmpDir/header023"
+ local tps_out="$TmpDir/admin_out_tpsenroll0068"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak023"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers023.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers023.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers023.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-024: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and buffer size is 0 - PKI ticket 1006"
+ header_024="$TmpDir/header024"
+ local tps_out="$TmpDir/admin_out_tpsenroll0069"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak024"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=0/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers024.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers024.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers024.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-025: Audit messages are flushed to the log file for every given flush interval when log signing is enabled - PKI ticket 1006"
+ header_025="$TmpDir/header025"
+ local tps_out="$TmpDir/admin_out_tpsenroll0070"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak025"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers025.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers025.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers025.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-026: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and flush interval is longer - PKI ticket 1006"
+ header_026="$TmpDir/header026"
+ local tps_out="$TmpDir/admin_out_tpsenroll0071"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak026"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers026.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers026.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers026.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 123"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-027: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and flush interval is 0 - PKI ticket 1006"
+ header_027="$TmpDir/header027"
+ local tps_out="$TmpDir/admin_out_tpsenroll0072"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak027"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers027.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers027.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers026.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-028: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+ header_028="$TmpDir/header028"
+ local tps_out="$TmpDir/admin_out_tpsenroll0073"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak028"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers028.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers028.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers028.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-029: Audit messages are flushed to the log file for longer flush interval when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+ header_029="$TmpDir/header029"
+ local tps_out="$TmpDir/admin_out_tpsenroll0074"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak029"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers029.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers029.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers029.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ #Wait for flush interval
+ rlRun "sleep 123"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-030: Audit messages are flushed to the log file when flush interval is 0 when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+ header_030="$TmpDir/header030"
+ local tps_out="$TmpDir/admin_out_tpsenroll0075"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak030"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers030.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers030.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers030.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-031: Audit messages are flushed to the log file when flush interval is 5 when log signing is enabled, RollingLogFile type and buffer size is very small - PKI ticket 1006"
+ header_031="$TmpDir/header031"
+ local tps_out="$TmpDir/admin_out_tpsenroll0076"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak031"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers031.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers031.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers031.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-032: Audit messages are flushed to the log file when flush interval is 5 when log signing is enabled, RollingLogFile type and buffer size is 0 - PKI ticket 1006"
+ header_032="$TmpDir/header032"
+ local tps_out="$TmpDir/admin_out_tpsenroll0077"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak032"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=0/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers032.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers032.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers032.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-033: Edit the authenticator port - BZ 643446"
+ header_033="$TmpDir/header033"
+ local tps_out="$TmpDir/admin_out_tpsenroll0078"
+ local cuid="10000000000000000078"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the authenticator 1"
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/currentstate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlAssertGrep "<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)" "$TmpDir/currentstate033"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate033"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlLog "Download authenticator 1"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth033"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth033" 0 "Download authenticator ldap1"
+
+ rlLog "Set the authenticator port to 1234"
+ sed -i -e "s/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">1234/g" $TmpDir/auth033
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/auth033 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/changeorder033"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ #The server has to restarted because of https://bugzilla.redhat.com/show_bug.cgi?id=643446. Remove these lines once the bug is fixed. I am doing this because the further tests are failing if this not done.
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate033"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers033.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers033.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers033.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0078.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0078.test
+ /usr/bin/tpsclient < $TmpDir/enroll0078.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format033.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format033.test
+ /usr/bin/tpsclient < $TmpDir/format033.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+ #Revert back the change
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+
+ sed -i -e "s/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">1234/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)/g" $TmpDir/auth033
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/auth033 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/changeorder033"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ #The server has to restarted because of https://bugzilla.redhat.com/show_bug.cgi?id=643446. Remove these lines once the bug is fixed.
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate033"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0078.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format033.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-034: Delete authenticator"
+ header_034="$TmpDir/header034"
+ local tps_out="$TmpDir/admin_out_tpsenroll0079"
+ local cuid="10000000000000000079"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the authenticator 1"
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/currentstate034"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate034"
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate034"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+ rlLog "Download authenticator 1"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth034"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth034" 0 "Download authenticator ldap1"
+
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/deleteauth034"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_034"
+ rlAssertNotGrep "ldap1" "$TmpDir/deleteauth034"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers034.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers034.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers034.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0079.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0079.test
+ /usr/bin/tpsclient < $TmpDir/enroll0079.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format034.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format034.test
+ /usr/bin/tpsclient < $TmpDir/format034.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlLog "Create a new authenticator 1"
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/auth034 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators > $TmpDir/addauth034"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 201 Created" "$header_034"
+ rlAssertGrep "ldap1" "$TmpDir/addauth034"
+
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate034"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0079.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format034.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ #tps40 expects enrollment to fail when applet.delete_old is false but it is not so. Also seeing an internal server error during edit config param
+ rlPhaseStartTest "pki_tps_enrollments-035: Edit general configuration - BZ 1195895"
+ header_035="$TmpDir/header035"
+ local tps_out="$TmpDir/admin_out_tpsenroll0080"
+ local cuid="10000000000000000080"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review general configuration"
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/config035"
+ rlLog "Download general config"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-config-show --output $TmpDir/config035"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-config-show --output $TmpDir/config035" 0 "Download general configuration"
+
+ rlLog "Set applet.delete_old to false"
+ sed -i -e "s/<Property name=\"applet.delete_old\">true/<Property name=\"applet.delete_old\">false/g" $TmpDir/config035
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/config035 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/changeapplet035"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">false" "$TmpDir/changeapplet035"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1195895"
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">false" "$TmpDir/config035"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers035.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers035.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers035.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0080.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0080.test
+ /usr/bin/tpsclient < $TmpDir/enroll0080.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format035.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format035.test
+ /usr/bin/tpsclient < $TmpDir/format035.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+ #Revert back the change
+
+ sed -i -e "s/<Property name=\"applet.delete_old\">false/<Property name=\"applet.delete_old\">true/g" $TmpDir/config035
+
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/config035 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/changeapplet035"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/changeapplet035"
+
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/config035"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0080.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format035.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-036: Edit key recovery properties of userKey profile"
+ header_036="$TmpDir/header036"
+ local tps_out="$TmpDir/admin_out_tpsenroll0081"
+ local cuid="10000000000000000081"
+ local new_cuid="10000000000000000082"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast" "$TmpDir/currentstate036"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile036"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile036" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the keyRecovery scheme param"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast/g" $TmpDir/userkey-profile036
+ rlLog "Edit userKey profile - changing the keyRecovery scheme param"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile036 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast" "$TmpDir/currentstate036"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers036.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers036.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ local ldap_user=$(cat $TmpDir/ldapusers036.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0081.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0081.test
+ /usr/bin/tpsclient < $TmpDir/enroll0081.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate036"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0082.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0082.test
+ /usr/bin/tpsclient < $TmpDir/enroll0082.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify there are 2 encryption certs
+
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Token | wc -l)
+ #rlLog "$numofentries"
+ #if [ numofentries = 3 ]; then
+ # rlPass "The token has 3 certificates"
+ #fi
+
+
+ #Add Damaged to format transition to CS.cfg
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak036"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=0:0,0:4,4:0,1:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test
+ /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format036.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format036.test
+ /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $new_cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+
+ #Revert back the changes
+
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast/g" $TmpDir/userkey-profile036
+ rlLog "Edit userKey profile - changing the keyRecovery scheme param"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile036 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast" "$TmpDir/currentstate036"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ #Enroll a new token
+ cuid="10000000000000000083"
+ ldap_user=$(cat $TmpDir/ldapusers036.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0083.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0083.test
+ /usr/bin/tpsclient < $TmpDir/enroll0083.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify there are 3 certs - Find the certs on a token when a token ID is provided, feature does not exist
+
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Token | wc -l)
+ rlLog "$numofentries"
+ if [ numofentries = 2 ]; then
+ rlPass "Changes have been reverted successfully"
+ fi
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test
+ /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-037: Edit the params that determine the cert revocation in tokenKey profile - BZ 1192232"
+ header_037="$TmpDir/header037"
+ local tps_out="$TmpDir/admin_out_tpsenroll0084"
+ local cuid="10000000000000000084"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of tokenKey Profile is Enabled"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">true" "$TmpDir/currentstate037"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=enable > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+
+ rlLog "Download tokenKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show tokenKey --output $TmpDir/tokenkey-profile037"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show tokenKey --output $TmpDir/tokenkey-profile037" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile tokenKey"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=disable > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlLog "Edit the tokenKey Profile xml file revokeCert property"
+ sed -i -e "s/<Property name=\"op.format.tokenKey.revokeCert\">true/<Property name=\"op.format.tokenKey.revokeCert\">false/g" $TmpDir/tokenkey-profile037
+ rlLog "Edit userKey profile - revokeCert parameter"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/tokenkey-profile037 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/changekeysize037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize037"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=approve > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">false" "$TmpDir/currentstate037"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers037.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers037.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers037.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test
+ /usr/bin/tpsclient < $TmpDir/enroll0084.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #to check if there are encryption and signing certs - not complete
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test
+ /usr/bin/tpsclient < $TmpDir/format037.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j > $TmpDir/keysizecheck.out"
+ rlAssertGrep "Status: VALID" "$TmpDir/keysizecheck.out"
+ done
+
+ #Revert the changes
+
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=disable > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlLog "Edit the tokenKey Profile xml file revokeCert property"
+ sed -i -e "s/<Property name=\"op.format.tokenKey.revokeCert\">false/<Property name=\"op.format.tokenKey.revokeCert\">true/g" $TmpDir/tokenkey-profile037
+ rlLog "Edit userKey profile - revokeCert parameter"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/tokenkey-profile037 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/changekeysize037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize037"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=approve > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">true" "$TmpDir/currentstate037"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test
+ /usr/bin/tpsclient < $TmpDir/enroll0084.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test
+ /usr/bin/tpsclient < $TmpDir/format037.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-038: TPS operations.allowedTransitions - default configuration - Format an uninitialized token (0:0)"
+ header_038="$TmpDir/header038"
+ local tps_out="$TmpDir/admin_out_tpsenroll038"
+ local cuid="10000000000000000085"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers038.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers038.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers038.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Format an uninitialized token"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format038.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format038.test
+ /usr/bin/tpsclient < $TmpDir/format038.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-039: TPS operations.allowedTransitions - default configuration - Enroll a formatted token (0:4)"
+ local cuid="10000000000000000085"
+ local tps_out="$TmpDir/admin_out_tpsenroll039"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format039.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format039.test
+ /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-040: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, format the token"
+ local cuid="10000000000000000085"
+ header_040="$TmpDir/header040"
+ local tps_out="$TmpDir/admin_out_tpsenroll040"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate040"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate040"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate040"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format040.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format040.test
+ /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Mark the token as found and then format"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate040"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate040"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate040"
+
+ /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-041: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, enroll the token"
+ local cuid="10000000000000000085"
+ header_041="$TmpDir/header041"
+ local tps_out="$TmpDir/admin_out_tpsenroll041"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate041"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate041"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate041"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Mark the token as found and then format"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate041"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate041"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate041"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format41.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format041.test
+ /usr/bin/tpsclient < $TmpDir/format041.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-042: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token issued, mark the temporary lost token to be permanently lost - format or enroll perm lost token"
+ local cuid="10000000000000000085"
+ local new_cuid="10000000000000000086"
+ header_042="$TmpDir/header042"
+ local tps_out="$TmpDir/admin_out_tpsenroll042"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate042"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate042"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate042"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0086.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0086.test
+ /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate042"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate042"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format42.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format042.test
+ /usr/bin/tpsclient < $TmpDir/format042.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken042"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_042"
+
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken042"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken042"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format42.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format042.test
+ /usr/bin/tpsclient < $TmpDir/format042.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-043: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token is not issued, mark the temporary lost token to be permanently lost - format or enroll perm lost token"
+ local cuid="10000000000000000086"
+ header_043="$TmpDir/header043"
+ local tps_out="$TmpDir/admin_out_tpsenroll043"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0086.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0086.test
+ /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate043"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate043"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate043"
+
+
+ rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate043"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate043"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format43.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format043.test
+ /usr/bin/tpsclient < $TmpDir/format043.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken043"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_043"
+
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken043"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken043"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-044: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token is issued - format the temp token"
+ local cuid="10000000000000000087"
+ local new_cuid="10000000000000000088"
+ header_044="$TmpDir/header044"
+ local tps_out="$TmpDir/admin_out_tpsenroll044"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ #passwd="redhat"
+ #rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers044.ldif"
+ #rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers044.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ #ldap_user=$(cat $TmpDir/ldapusers044.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0087.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0087.test
+ /usr/bin/tpsclient < $TmpDir/enroll0087.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate044"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate044"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate044"
+
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0087.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0087.test
+ /usr/bin/tpsclient < $TmpDir/enroll0087.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format44.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format044.test
+ /usr/bin/tpsclient < $TmpDir/format044.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete temporarily lost token"
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken044"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_044"
+
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken044"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken044"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-045: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token issued, mark the temporary lost token to be permanently lost - format the temp token"
+ local cuid="10000000000000000088"
+ local new_cuid="10000000000000000089"
+ header_045="$TmpDir/header045"
+ local tps_out="$TmpDir/admin_out_tpsenroll045"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_045 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate045"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+ rlRun "curl --dump-header $header_045 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate045"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate045"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+
+ rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+ rlRun "curl --dump-header $header_045 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate045"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate045"
+
+ rlLog "Format the temporary token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format45.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format045.test
+ /usr/bin/tpsclient < $TmpDir/format045.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_045 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken045"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_045"
+
+ rlRun "curl --dump-header $header_045 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken045"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_045"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken045"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-046: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, format the token"
+ local cuid="10000000000000000089"
+ header_046="$TmpDir/header046"
+ local tps_out="$TmpDir/admin_out_tpsenroll046"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to permanently lost"
+ rlRun "curl --dump-header $header_046 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate046"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_046"
+ rlRun "curl --dump-header $header_046 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate046"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_046"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate046"
+
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format046.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format046.test
+ /usr/bin/tpsclient < $TmpDir/format046.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_046 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken046"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_046"
+
+ rlRun "curl --dump-header $header_046 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken046"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_046"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken046"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-047: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, enroll the token"
+ local cuid="10000000000000000089"
+ header_047="$TmpDir/header047"
+ local tps_out="$TmpDir/admin_out_tpsenroll047"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to permanently lost"
+ rlRun "curl --dump-header $header_047 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate047"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_047"
+ rlRun "curl --dump-header $header_047 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate047"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_047"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate047"
+
+
+ rlLog "Enroll the token"
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_047 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken047"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_047"
+
+ rlRun "curl --dump-header $header_047 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken047"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_047"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken047"
+ rlPhaseEnd
+
+
+
+rlPhaseStartTest "pki_tps_enrollments-048: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, format the token"
+ local cuid="10000000000000000089"
+ header_048="$TmpDir/header048"
+ local tps_out="$TmpDir/admin_out_tpsenroll048"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to physically damaged"
+ rlRun "curl --dump-header $header_048 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate048"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_048"
+ rlRun "curl --dump-header $header_048 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate048"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_048"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate048"
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format048.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format048.test
+ /usr/bin/tpsclient < $TmpDir/format048.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete the damaged token"
+ rlRun "curl --dump-header $header_048 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken048"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_048"
+
+ rlRun "curl --dump-header $header_048 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken048"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_048"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken048"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-049: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, enroll the token"
+ local cuid="10000000000000000089"
+ header_049="$TmpDir/header049"
+ local tps_out="$TmpDir/admin_out_tpsenroll049"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to physically damaged"
+ rlRun "curl --dump-header $header_049 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate049"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_049"
+ rlRun "curl --dump-header $header_049 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate049"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_049"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate049"
+
+ rlLog "Enroll the token"
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_049 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken049"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_049"
+
+ rlRun "curl --dump-header $header_049 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken049"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_049"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken049"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-050: TPS operations.allowedTransitions - Mark the Enrolled token terminated, format the token"
+ local cuid="10000000000000000089"
+ header_050="$TmpDir/header050"
+ local tps_out="$TmpDir/admin_out_tpsenroll050"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to terminated"
+ rlRun "curl --dump-header $header_050 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate050"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_050"
+ rlRun "curl --dump-header $header_050 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate050"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_050"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate050"
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format050.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format050.test
+ /usr/bin/tpsclient < $TmpDir/format050.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete the terminated token"
+ rlRun "curl --dump-header $header_050 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken050"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_050"
+
+ rlRun "curl --dump-header $header_050 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken050"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_050"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken050"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-051: TPS operations.allowedTransitions - Mark the Enrolled token terminated, enroll the token"
+ local cuid="10000000000000000089"
+ header_051="$TmpDir/header051"
+ local tps_out="$TmpDir/admin_out_tpsenroll051"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temrinated"
+ rlRun "curl --dump-header $header_051 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate051"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_051"
+ rlRun "curl --dump-header $header_051 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate051"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_051"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate051"
+
+ rlLog "Enroll the token"
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_051 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken051"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_051"
+
+ rlRun "curl --dump-header $header_051 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken051"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_051"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken051"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_tps_enrollments-052: TPS operations.allowedTransitions - Mark the Enrolled token as physically damaged, temp token is issued"
+ local cuid="10000000000000000088"
+ local new_cuid="10000000000000000089"
+ header_052="$TmpDir/header052"
+ local tps_out="$TmpDir/admin_out_tpsenroll052"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to physically damaged"
+ rlRun "curl --dump-header $header_052 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate052"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_052"
+ rlRun "curl --dump-header $header_052 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate052"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_052"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate052"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+
+ #Cleanup
+ rlLog "Format the temporary token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format52.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format052.test
+ /usr/bin/tpsclient < $TmpDir/format052.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+
+ rlLog "Delete the damaged token"
+ rlRun "curl --dump-header $header_052 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken052"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_052"
+
+ rlRun "curl --dump-header $header_052 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken052"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_052"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken052"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-053: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, temp token is issued, temporarily lost token is found"
+ local cuid="10000000000000000088"
+ local new_cuid="10000000000000000089"
+ header_053="$TmpDir/header053"
+ local tps_out="$TmpDir/admin_out_tpsenroll053"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_053 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate053"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+ rlRun "curl --dump-header $header_053 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate053"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate053"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ rlLog "Change the state of the token - Temp lost to temp lost token found"
+ rlRun "curl --dump-header $header_053 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate053"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+ rlRun "curl --dump-header $header_053 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate053"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_053"
+ rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate053"
+
+ #Cleanup
+ rlLog "Format the original token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format53.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format053.test
+ /usr/bin/tpsclient < $TmpDir/format053.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Format the temporary token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format53.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format053.test
+ /usr/bin/tpsclient < $TmpDir/format053.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-054: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, no temp token is issued, temporarily lost token is found"
+ local cuid="10000000000000000088"
+ header_054="$TmpDir/header054"
+ local tps_out="$TmpDir/admin_out_tpsenroll054"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_054 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate054"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+ rlRun "curl --dump-header $header_054 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate054"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate054"
+
+ rlLog "Change the state of the token - Temp lost to temp lost token found"
+ rlRun "curl --dump-header $header_054 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate054"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+ rlRun "curl --dump-header $header_054 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate054"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_054"
+ rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate054"
+
+ #Cleanup
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format54.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format054.test
+ /usr/bin/tpsclient < $TmpDir/format054.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-055: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, temp token is issued, temporarily lost token is terminated"
+ local cuid="10000000000000000088"
+ local new_cuid="10000000000000000089"
+ header_055="$TmpDir/header055"
+ local tps_out="$TmpDir/admin_out_tpsenroll055"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_055 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate055"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+ rlRun "curl --dump-header $header_055 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate055"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate055"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Temp lost to terminated"
+ rlRun "curl --dump-header $header_055 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate055"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+ rlRun "curl --dump-header $header_055 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate055"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate055"
+
+ #Cleanup
+
+ rlLog "Format the temporary token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format55.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format055.test
+ /usr/bin/tpsclient < $TmpDir/format055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Delete the terminated token token"
+ rlRun "curl --dump-header $header_055 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken055"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_055"
+
+ rlRun "curl --dump-header $header_055 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken055"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken055"
+ rlPhaseEnd
+
+
+
+rlPhaseStartTest "pki_tps_enrollments-056: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, no temp token is issued, temporarily lost token is terminated"
+ local cuid="10000000000000000088"
+ header_056="$TmpDir/header056"
+ local tps_out="$TmpDir/admin_out_tpsenroll056"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate056"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate056"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate056"
+
+ rlLog "Change the state of the token - Temp lost to terminated"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate056"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate056"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate056"
+
+ #Cleanup
+
+ rlLog "Delete the terminated token token"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken056"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_056"
+
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken056"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken056"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-057: TPS operations.allowedTransitions - none set"
+ local cuid="10000000000000000088"
+ header_057="$TmpDir/header057"
+ local tps_out="$TmpDir/admin_out_tpsenroll0057"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlRun "curl --dump-header $header_057 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken057"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_057"
+ foundcuid=$(cat $TmpDir/showToken057 | grep $cuid)
+ if [ -n "$foundcuid" ]; then
+ rlLog "Delete the token"
+ rlRun "curl --dump-header $header_057 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken057"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_057"
+ rlRun "curl --dump-header $header_057 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken057"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_057"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken057"
+ fi
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak057"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlLog "Format an uninitialized token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test
+ /usr/bin/tpsclient < $TmpDir/format057.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Format a formatted token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test
+ /usr/bin/tpsclient < $TmpDir/format057.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-058: TPS operations.allowedTransitions - Re-enroll a token - Failure"
+ local cuid="10000000000000000088"
+ header_058="$TmpDir/header058"
+ local tps_out="$TmpDir/admin_out_tpsenroll058"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Re-enroll the above token to the same user"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the enrolled token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format58.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format058.test
+ /usr/bin/tpsclient < $TmpDir/format058.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+rlPhaseStartTest "pki_tps_enrollments-059: TPS operations.allowedTransitions - Re-enroll a token - add transition 4:4 - Success"
+ local cuid="10000000000000000088"
+ header_059="$TmpDir/header059"
+ local tps_out="$TmpDir/admin_out_tpsenroll059"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak059"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,4:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Re-enroll the above token to the same user"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the enrolled token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format59.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format059.test
+ /usr/bin/tpsclient < $TmpDir/format059.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-060: TPS operations.allowedTransitions - Re-enroll a token - add transition 4:4 - RE_ENROLL=NO - Failure"
+ local cuid="10000000000000000088"
+ header_060="$TmpDir/header060"
+ local tps_out="$TmpDir/admin_out_tpsenroll060"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak059"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,4:4/g" $tps_conf
+ sed -i -e "s/^tokendb.defaultPolicy=RE_ENROLL=YES/tokendb.defaultPolicy=RE_ENROLL=NO/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rlLog "$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tokendb.defaultPolicy)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Re-enroll the above token to the same user"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the enrolled token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format60.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format060.test
+ /usr/bin/tpsclient < $TmpDir/format060.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-061: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, format the token - Add transition 3:0"
+ local cuid="10000000000000000089"
+ header_061="$TmpDir/header061"
+ local tps_out="$TmpDir/admin_out_tpsenroll061"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak061"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,3:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temp lost"
+ rlRun "curl --dump-header $header_061 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate061"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_061"
+ rlRun "curl --dump-header $header_061 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate061"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_061"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate061"
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format061.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format061.test
+ /usr/bin/tpsclient < $TmpDir/format061.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-062: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, temp token issued, temp lost token is perm lost, format the perm lost token - Add transition 2:0"
+ local cuid="10000000000000000089"
+ local new_cuid="10000000000000000088"
+ header_062="$TmpDir/header062"
+ local tps_out="$TmpDir/admin_out_tpsenroll062"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak062"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temp lost"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate062"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate062"
+ rlRun "sleep 5"
+rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate062"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Temp lost to perm lost"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate062"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate062"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate062"
+
+ rlLog "Format the perm lost token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format062.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format062.test
+ /usr/bin/tpsclient < $TmpDir/format062.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the temp token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format062.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format062.test
+ /usr/bin/tpsclient < $TmpDir/format062.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-063: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, format the token - Add transition 2:0"
+ local cuid="10000000000000000089"
+ header_063="$TmpDir/header063"
+ local tps_out="$TmpDir/admin_out_tpsenroll063"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak063"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers063.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers063.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers063.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to permanently lost"
+ rlRun "curl --dump-header $header_063 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate063"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_063"
+ rlRun "curl --dump-header $header_063 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate063"
+ rlRun "sleep 5"
+rlAssertGrep "HTTP/1.1 200 OK" "$header_063"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate063"
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format063.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format063.test
+ /usr/bin/tpsclient < $TmpDir/format063.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-064: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, format the token - Add transition 1:0"
+ local cuid="10000000000000000089"
+ header_064="$TmpDir/header064"
+ local tps_out="$TmpDir/admin_out_tpsenroll064"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak064"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,1:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers064.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers064.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers064.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to permanently lost"
+ rlRun "curl --dump-header $header_064 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate064"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_064"
+ rlRun "curl --dump-header $header_064 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate064"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_064"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate064"
+
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format064.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format064.test
+ /usr/bin/tpsclient < $TmpDir/format064.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-065: TPS operations.allowedTransitions - Mark the Enrolled token terminated, format the token - Add transition 6:0"
+ local cuid="10000000000000000089"
+ header_065="$TmpDir/header065"
+ local tps_out="$TmpDir/admin_out_tpsenroll065"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak065"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,6:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers065.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers065.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers065.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to terminated"
+ rlRun "curl --dump-header $header_065 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate065"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_065"
+ rlRun "curl --dump-header $header_065 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate065"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_065"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate065"
+
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format065.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format065.test
+ /usr/bin/tpsclient < $TmpDir/format065.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-066: TPS operations.allowedTransitions and tokendb.defaultPolicy - none set - BZ 1196278"
+ local cuid="10000000000000000088"
+ header_066="$TmpDir/header066"
+ local tps_out="$TmpDir/admin_out_tpsenroll0066"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlRun "curl --dump-header $header_066 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken066"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_066"
+ foundcuid=$(cat $TmpDir/showToken066 | grep $cuid)
+ if [ -n "$foundcuid" ]; then
+ rlLog "Delete the token"
+ rlRun "curl --dump-header $header_066 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken066"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_066"
+ rlRun "curl --dump-header $header_066 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken066"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_066"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken066"
+ fi
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak066"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=/g" $tps_conf
+ sed -i -e "s/^tokendb.allowedTransitions=.*/tokendb.allowedTransitions=/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rlLog "Tokendb transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tokendb.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers066.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers066.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers066.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Format an uninitialized token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format066.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format066.test
+ /usr/bin/tpsclient < $TmpDir/format066.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Format a formatted token"
+
+ /usr/bin/tpsclient < $TmpDir/format066.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278#c2"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-067: TPS operations.allowedTransitions - Mark the Enrolled token terminated, enroll the token - Add transition 6:4 - BZ 1196278"
+ local cuid="10000000000000000089"
+ header_067="$TmpDir/header067"
+ local tps_out="$TmpDir/admin_out_tpsenroll067"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak067"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,6:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers067.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers067.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to terminated"
+ rlRun "curl --dump-header $header_067 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate067"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+ rlRun "curl --dump-header $header_067 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate067"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate067"
+
+ rlLog "Enroll a the token for the same user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "Enroll the token for a different user"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+ #Cleanup
+ rlLog "Delete the terminated token token"
+ rlRun "curl --dump-header $header_067 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken067"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_067"
+
+ rlRun "curl --dump-header $header_067 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken067"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken067"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ new_ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-068: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, enroll the token - Add transition 3:4 - BZ 1196308"
+ local cuid="10000000000000000089"
+ header_068="$TmpDir/header068"
+ local tps_out="$TmpDir/admin_out_tpsenroll068"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak068"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,3:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers068.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers068.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers068.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers068.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temp lost"
+ rlRun "curl --dump-header $header_068 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate068"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_068"
+ rlRun "curl --dump-header $header_068 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate068"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_068"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate068"
+
+ rlLog "Enroll the token for the same user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196308"
+
+ rlLog "Enroll the token for a different user"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete the terminated token token"
+ rlRun "curl --dump-header $header_068 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken068"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_068"
+
+ rlRun "curl --dump-header $header_068 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken068"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_068"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken068"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-069: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, temp token issued, temp lost token is perm lost, enroll the perm lost token - Add transition 2:4 - BZ 1196278"
+ local cuid="10000000000000000089"
+ local new_cuid="10000000000000000088"
+ header_069="$TmpDir/header069"
+ local tps_out="$TmpDir/admin_out_tpsenroll069"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak069"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers069.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers069.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers069.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers069.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temp lost"
+ rlRun "curl --dump-header $header_069 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate069"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+ rlRun "curl --dump-header $header_069 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate069"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate069"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Temp lost to perm lost"
+ rlRun "curl --dump-header $header_069 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate069"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+ rlRun "curl --dump-header $header_069 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate069"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate069"
+
+ rlLog "Enroll the token for the same user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "Enroll the token for a different user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+ #Cleanup
+
+ rlLog "Format the temp token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format069.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format069.test
+ /usr/bin/tpsclient < $TmpDir/format069.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Delete the perm lost token token"
+ rlRun "curl --dump-header $header_069 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken069"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_069"
+
+ rlRun "curl --dump-header $header_069 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken069"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_069"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken069"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $new_cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-070: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, enroll the token - Add transition 1:4 - BZ 1196278"
+ local cuid="10000000000000000089"
+ header_070="$TmpDir/header070"
+ local tps_out="$TmpDir/admin_out_tpsenroll070"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak070"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,1:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers070.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers070.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers070.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers070.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to physically damaged"
+ rlRun "curl --dump-header $header_070 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate070"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_070"
+ rlRun "curl --dump-header $header_070 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate070"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_070"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate070"
+
+ rlLog "Enroll the token for the same user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "Enroll the token for a different user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+ #Cleanup
+ rlLog "Delete the damaged token"
+ rlRun "curl --dump-header $header_070 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken070"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_070"
+
+ rlRun "curl --dump-header $header_070 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken070"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_070"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken070"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-071: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, enroll the token - Add transition 2:4 - BZ 1196278"
+ local cuid="10000000000000000089"
+ header_071="$TmpDir/header071"
+ local tps_out="$TmpDir/admin_out_tpsenroll071"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak071"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers071.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers071.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers071.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers071.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to physically damaged"
+ rlRun "curl --dump-header $header_071 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate071"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_071"
+ rlRun "curl --dump-header $header_071 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate071"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_071"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate071"
+
+ rlLog "Enroll the token for the same user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+ rlLog "Enroll the token for a different user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete the damaged token"
+ rlRun "curl --dump-header $header_071 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken071"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_071"
+
+ rlRun "curl --dump-header $header_071 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken071"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_071"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken071"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-072: Two Agent users approve the profile change at the same time"
+ header_073="$TmpDir/header073"
+ local tps_out="$TmpDir/admin_out_tpsenroll073"
+ local cuid="10000000000000000073"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers073.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers073.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers073.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_073 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate073"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate073"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile073"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile073" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_073 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate073"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile073
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile073
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_073 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile073 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize073"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize073"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Two Agent users approve and enable the profile"
+
+ username="Valid_TPS_Agent"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ user-add --fullName=\"$username\" $valid_agent1_cert" 0 "Add user $valid_agent1_cert to TPS"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ group-member-add \"TPS Agents\" $valid_agent1_cert" \
+ 0 \
+ "Add user $valid_agent1_cert to TPS Agents"
+ local temp_file="$CERTDB_DIR/certrequest_001.xml"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$tmp_ca_admin\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t ca \
+ -p $tmp_ca_port \
+ cert-request-profile-show caUserCert --output $temp_file" \
+ 0 \
+ "Enrollment Template for Profile caUserCert"
+ rlRun "generate_PKCS10 \"$CERTDB_DIR\" \"$CERTDB_DIR_PASSWORD\" rsa 2048 \"$CERTDB_DIR/request_001.out\" \"CN=admin1V\" " 0 "generate PKCS10 certificate"
+ rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+ rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+ rlRun "dos2unix $CERTDB_DIR/request_001.out"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v 'pkcs10' $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $CERTDB_DIR/request_001.out)\" $temp_file" 0 "adding certificate request"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v $valid_agent1_cert $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v $valid_agent1_cert@example.com $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v $username $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v Engineering $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v Example $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v US $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v $valid_agent1_cert $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $valid_agent1_cert@example.com $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file"
+
+ subsystem=ca
+ rlLog "Executing: pki cert-request-submit $temp_file"
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest.out" 0 "Executing pki cert-request-submit"
+ rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest.out"
+ rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest.out"
+ rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest.out"
+ rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest.out"
+ local request_id=`cat $CERTDB_DIR/certrequest.out | grep "Request ID:" | awk '{print $3}'`
+ rlLog "Request ID=$request_id"
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001.out" 0 "Executing pki cert-request-show $request_id"
+ rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001.out"
+ rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001.out"
+ rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001.out"
+ rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$tmp_ca_agent\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t ca \
+ -p $tmp_ca_port \
+ cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001.out" \
+ 0 \
+ "CA agent approve the cert"
+ rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001.out"
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ca-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $request_id"
+ rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'`
+ rlLog "Cerificate Serial Number=$certificate_serial_number"
+
+ #Verify the certificate is valid
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001.out" 0 "Executing pki cert-show $certificate_serial_number"
+ rlAssertGrep "Subject: UID=$valid_agent1_cert,E=$valid_agent1_cert@example.com,CN=$username,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001.out"
+ rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001.out"
+
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001.out > $CERTDB_DIR/validcert_001.pem"
+ rlRun "certutil -d $CERTDB_DIR -A -n $valid_agent1_cert -i $CERTDB_DIR/validcert_001.pem -t "u,u,u""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ user-cert-add $valid_agent1_cert --input $CERTDB_DIR/validcert_001.pem > $CERTDB_DIR/useraddcert_001.out" \
+ 0 \
+ "Cert is added to the user $valid_agent1_cert"
+
+ echo "$valid_agent1_cert" > $TmpDir/commands073
+ echo "$valid_agent_cert" >> $TmpDir/commands073
+ rlRun "sleep 5"
+ rlRun "cat $TmpDir/commands073 | xargs -n2 -I % curl --dump-header $header_073 -E \"%:$CERTDB_DIR_PASSWORD\" -X POST -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/xargs-result073" 0 "Two agents approves the profile change"
+ rlAssertGrep "Enabled" "$TmpDir/xargs-result073"
+ rlAssertGrep "Invalid action: approve" "$TmpDir/xargs-result073"
+ rlRun "sleep 10"
+ rlLog "Enroll a token"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0073.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0073.test
+ /usr/bin/tpsclient < $TmpDir/enroll0073.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Revert the changes
+
+ rlRun "curl --dump-header $header_073 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate073"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile073
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile073
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_073 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile073 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize073"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize073"
+
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Approve as an agent user"
+ rlRun "curl --dump-header $header_073 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate073"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_073"
+
+ rlLog "Format a token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format073.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format073.test
+ /usr/bin/tpsclient < $TmpDir/format073.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ user-del $valid_agent1_cert" 0 "Delete user $valid_agent1_cert"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-073: Two Admin users edit the same params at the same time"
+ header_074="$TmpDir/header074"
+ local tps_out="$TmpDir/admin_out_tpsenroll074"
+ local cuid="10000000000000000074"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers074.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers074.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers074.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_074 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate074"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate074"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile074"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile074" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_074 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate074"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile074
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile074
+ rlLog "Edit userKey profile - by two admin users"
+
+ username="Valid_TPS_Admin"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ user-add --fullName=\"$username\" $valid_admin1_cert" 0 "Add user $valid_admin1_cert to TPS"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ group-member-add \"Administrators\" $valid_admin1_cert" \
+ 0 \
+ "Add user $valid_admin1_cert to Administrators"
+ local temp_file="$CERTDB_DIR/certrequest_001.xml"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$tmp_ca_admin\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t ca \
+ -p $tmp_ca_port \
+ cert-request-profile-show caUserCert --output $temp_file" \
+ 0 \
+ "Enrollment Template for Profile caUserCert"
+ rlRun "generate_PKCS10 \"$CERTDB_DIR\" \"$CERTDB_DIR_PASSWORD\" rsa 2048 \"$CERTDB_DIR/request_001.out\" \"CN=admin1V\" " 0 "generate PKCS10 certificate"
+ rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+ rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out"
+ rlRun "dos2unix $CERTDB_DIR/request_001.out"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v 'pkcs10' $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $CERTDB_DIR/request_001.out)\" $temp_file" 0 "adding certificate request"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v $valid_admin1_cert $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v $valid_admin1_cert@example.com $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v $username $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v Engineering $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v Example $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v US $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v $valid_admin1_cert $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $valid_admin1_cert@example.com $temp_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file"
+ subsystem=ca
+ rlLog "Executing: pki cert-request-submit $temp_file"
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest.out" 0 "Executing pki cert-request-submit"
+ rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest.out"
+ rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest.out"
+ rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest.out"
+ rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest.out"
+ local request_id=`cat $CERTDB_DIR/certrequest.out | grep "Request ID:" | awk '{print $3}'`
+ rlLog "Request ID=$request_id"
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001.out" 0 "Executing pki cert-request-show $request_id"
+ rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001.out"
+ rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001.out"
+ rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001.out"
+ rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$tmp_ca_agent\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t ca \
+ -p $tmp_ca_port \
+ cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001.out" \
+ 0 \
+ "CA agent approve the cert"
+ rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001.out"
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ca-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $request_id"
+ rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_001.out"
+ local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'`
+ rlLog "Cerificate Serial Number=$certificate_serial_number"
+
+ #Verify the certificate is valid
+ rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001.out" 0 "Executing pki cert-show $certificate_serial_number"
+ rlAssertGrep "Subject: UID=$valid_admin1_cert,E=$valid_admin1_cert@example.com,CN=$username,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001.out"
+ rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001.out"
+
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001.out > $CERTDB_DIR/validcert_001.pem"
+ rlRun "certutil -d $CERTDB_DIR -A -n $valid_admin1_cert -i $CERTDB_DIR/validcert_001.pem -t "u,u,u""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ user-cert-add $valid_admin1_cert --input $CERTDB_DIR/validcert_001.pem > $CERTDB_DIR/useraddcert_001.out" \
+ 0 \
+ "Cert is added to the user $valid_admin1_cert"
+
+
+ echo "$valid_admin1_cert" > $TmpDir/commands074
+ echo "$valid_admin_cert" >> $TmpDir/commands074
+ rlRun "sleep 5"
+ rlRun "cat $TmpDir/commands074 | xargs -n2 -I % curl --dump-header $header_074 -E \"%:$CERTDB_DIR_PASSWORD\" -H \"Content-Type: application/xml\" -X PATCH --data @$TmpDir/userkey-profile074 -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/xargs-result074" 0 "Two admin users edit the profile"
+ rlAssertGrep "Unable to update profile userKey" "$TmpDir/xargs-result074"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/xargs-result074"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/xargs-result074"
+ rlAssertGrep "Pending_Approval" "$TmpDir/xargs-result074"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent approves the profile userKey"
+ rlRun "curl --dump-header $header_074 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate074"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+ rlAssertGrep "Enabled" "$TmpDir/changestate074"
+ rlRun "sleep 10"
+ rlLog "Enroll a token"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0074.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0074.test
+ /usr/bin/tpsclient < $TmpDir/enroll0074.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Revert the changes
+
+ rlRun "curl --dump-header $header_074 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate074"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile074
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile074
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_074 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile074 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize074"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize074"
+
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Approve as an agent user"
+ rlRun "curl --dump-header $header_074 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate074"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_074"
+
+ rlLog "Format a token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format074.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format074.test
+ /usr/bin/tpsclient < $TmpDir/format074.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$valid_admin_cert\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -t tps \
+ -p $target_unsecure_port \
+ user-del $valid_admin1_cert"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-074: TPS operations.allowedTransitions - random junk value - BZ 1196278"
+ local cuid="10000000000000000088"
+ header_072="$TmpDir/header072"
+ local tps_out="$TmpDir/admin_out_tpsenroll0072"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlRun "curl --dump-header $header_072 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken072"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_072"
+ foundcuid=$(cat $TmpDir/showToken072 | grep $cuid)
+ if [ -n "$foundcuid" ]; then
+ rlLog "Delete the token"
+ rlRun "curl --dump-header $header_072 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken072"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_072"
+ rlRun "curl --dump-header $header_072 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken072"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_072"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken072"
+ fi
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak072"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=junk\$^@123&/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers072.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers072.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers072.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers072.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Format an uninitialized token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test
+ /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Format a formatted token"
+
+ /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ cuid="10000000000000000090"
+
+ rlLog "Enroll an uninitialized token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0090.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0090.test
+ /usr/bin/tpsclient < $TmpDir/enroll0090.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278"
+
+ #Cleanup
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/format072.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test
+ /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+
+ rlPhaseStartSetup "pki_console_acl-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
index 69b3f5097..482b81b5f 100755
--- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
+++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
@@ -38,6 +38,7 @@
. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/rhcs-install-shared.sh
. /opt/rhqa_pki/env.sh
@@ -207,7 +208,7 @@ rhcs_install_kra() {
#Install and configure RHDS instance
rlLog "Creating LDAP server Instance to configure KRA"
- rlRun "rhds_install $(eval echo \$KRA${number}_LDAP_PORT) $(eval echo \$KRA${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$KRA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for KRA install" 0 "Install LDAP Instance"
+ rlRun "rhds_install $(eval echo \$KRA${number}_LDAP_PORT) $(eval echo \$KRA${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$KRA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for KRA install"
#Install KRA
rlLog "Creating KRA Instance"
@@ -343,7 +344,7 @@ rhcs_install_ocsp() {
local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER)
#Install and configure RHDS instance
rlLog "Creating LDAP server Instance to configure OCSP"
- rlRun "rhds_install $(eval echo \$OCSP${number}_LDAP_PORT) $(eval echo \$OCSP${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$OCSP${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for OCSP install" 0 "Install LDAP Instance"
+ rlRun "rhds_install $(eval echo \$OCSP${number}_LDAP_PORT) $(eval echo \$OCSP${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$OCSP${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for OCSP install"
#Install OCSP
rlLog "Creating OCSP Instance"
@@ -460,19 +461,19 @@ rhcs_install_ocsp() {
rhcs_install_tks() {
rlPhaseStartTest "rhcs_install_tks - Install RHCS TKS Server"
rlLog "$FUNCNAME"
- local INSTANCECFG="/tmp/tks_instance.inf"
- local INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out"
- local SUBSYSTEM_NAME=$(echo TKS${number})
- rhcs_install_prep_disableFirewall
- #Install and configure RHDS instance
- rlLog "Creating LDAP server Instance to configure TKS"
- rlRun "rhds_install $(eval echo \$TKS${number}_LDAP_PORT) $(eval echo \$TKS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TKS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TKS install" 0 "Install LDAP Instance"
local number=$1
local master_hostname=$2
local CA=$3
local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-)
local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER)
local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT)
+ local INSTANCECFG="/tmp/tks_instance.inf"
+ local INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out"
+ local SUBSYSTEM_NAME=$(echo TKS${number})
+ rhcs_install_prep_disableFirewall
+ #Install and configure RHDS instance
+ rlLog "Creating LDAP server Instance to configure TKS"
+ rlRun "rhds_install $(eval echo \$TKS${number}_LDAP_PORT) $(eval echo \$TKS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TKS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TKS install"
#Install TKS
rlLog "Creating TKS Instance"
rlLog "Setting up Dogtag TKS instance ............."
@@ -569,7 +570,7 @@ rhcs_install_tks() {
rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
exp_message5="The URL for the subsystem is:"
rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
- exp_message5_1="https://$(hostname):$(eval echo \$${CA}_SECURE_PORT)/tks"
+ exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tks"
rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
# echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh
mkdir -p $CLIENT_PKCS12_DIR
@@ -577,7 +578,137 @@ rhcs_install_tks() {
rlPhaseEnd
}
+###########################################################
+# TPS INSTALL TESTS #
+###########################################################
+rhcs_install_tps() {
+ rlPhaseStartTest "rhcs_install_tps - Install RHCS TPS Server"
+ rlLog "$FUNCNAME"
+ local number=$1
+ local master_hostname=$2
+ local CA=$3
+ local KRA=$4
+ local TKS=$5
+ local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-)
+ local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER)
+ local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT)
+ local INSTANCECFG="/tmp/tps_instance.inf"
+ local INSTANCE_CREATE_OUT="/tmp/tps_instance_create.out"
+ local SUBSYSTEM_NAME=$(echo TPS${number})
+ rhcs_install_prep_disableFirewall
+ #Install and configure RHDS instance
+ rlLog "Creating LDAP server Instance to configure TPS"
+ rlRun "rhds_install $(eval echo \$TPS${number}_LDAP_PORT) $(eval echo \$TPS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TPS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TPS install"
+ #Install TPS
+ rlLog "Creating TPS Instance"
+ rlLog "Setting up Dogtag TPS instance ............."
+ echo "[DEFAULT]" > $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$TPS${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$TPS${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$TPS${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$TPS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_user=$USER" >> $INSTANCECFG
+ echo "pki_group=$GROUP" >> $INSTANCECFG
+ echo "pki_audit_group=$GROUP_AUDIT" >> $INSTANCECFG
+ echo "pki_token_name=$ROOTCA_TOKEN_NAME" >> $INSTANCECFG
+ echo "pki_token_password=$ROOTCA_TOKEN_PASSWORD" >> $INSTANCECFG
+ echo "pki_client_pkcs12_password=$(eval echo \$TPS${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+ echo "pki_admin_password=$(eval echo \$TPS${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+
+ echo "[TPS]" >> $INSTANCECFG
+
+ echo "pki_subsytem_key_type=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_subsystem_key_size=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_subsystem_key_algorithm=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_subsystem_signing_algorithm=$(eval echo \$TPS${number}_SUBSYSTEM_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_subsystem_token=$(eval echo \$TPS${number}_SUBSYSTEM_TOKEN )" >> $INSTANCECFG
+ echo "pki_subsystem_nickname=$(eval echo \$TPS${number}_SUBSYSTEM_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_subsystem_subject_dn=$(eval echo \$TPS${number}_SUBSYSTEM_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_type=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_size=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_algorithm=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_audit_signing_signing_algorithm=$(eval echo \$TPS${number}_AUDIT_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_audit_signing_token=$(eval echo \$TPS${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
+ echo "pki_audit_signing_nickname=$(eval echo \$TPS${number}_AUDIT_SIGNING_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_audit_signing_subject_dn=$(eval echo \$TPS${number}_AUDIT_SIGNING_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$TPS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$TPS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$TPS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$TPS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$TPS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$TPS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$TPS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+
+ echo "pki_admin_name=$(eval echo \$TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_uid=$(eval echo \$TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_email=$(eval echo \$TPS${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+ echo "pki_admin_dualkey=$(eval echo \$TPS${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+ echo "pki_admin_key_size=$(eval echo \$TPS${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_admin_key_type=$(eval echo \$TPS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_admin_subject_dn=$(eval echo \$TPS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_admin_nickname=$(eval echo \$TPS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_import_admin_cert=$IMPORT_ADMIN_CERT_NONCA" >> $INSTANCECFG
+ echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+ echo "pki_client_admin_cert_p12=$CLIENT_DIR/$(eval echo \$TPS${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
+ echo "pki_issuing_ca_hostname=$master_hostname" >> $INSTANCECFG
+ echo "pki_issuing_ca_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_issuing_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_enable_server_side_keygen=$(eval echo \$TPS${number}_SERVER_KEYGEN)" >> $INSTANCECFG
+ echo "pki_kra_uri=https://$master_hostname:$(eval echo \$${KRA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_tks_uri=https://$master_hostname:$(eval echo \$${TKS}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_authdb_hostname=$(eval echo \$TPS${number}_AUTHDB_HOST)" >> $INSTANCECFG
+ echo "pki_authdb_port=$(eval echo \$TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_authdb_basedn=$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+ echo "pki_backup_keys=$(eval echo \$${CA}_BACKUP)" >> $INSTANCECFG
+ echo "pki_backup_password=$(eval echo \$TPS${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_database_dir=$(eval echo \$${CA}_CERTDB_DIR)" >> $INSTANCECFG
+ echo "pki_client_database_password=$(eval echo \$${CA}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
+ echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+ echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+ echo "pki_ds_hostname=$LDAP_HOSTNAME" >> $INSTANCECFG
+ echo "pki_ds_ldap_port=$(eval echo \$TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_ds_bind_dn=$LDAP_ROOTDN" >> $INSTANCECFG
+ echo "pki_ds_password=$LDAP_ROOTDNPWD" >> $INSTANCECFG
+ echo "pki_ds_secure_connection=$SECURE_CONN" >> $INSTANCECFG
+ echo "pki_ds_remove_data=$REMOVE_DATA" >> $INSTANCECFG
+ echo "pki_ds_base_dn =$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+ echo "pki_ds_database=$(eval echo \$TPS${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_restart_configured_instance=$RESTART_INSTANCE" >> $INSTANCECFG
+ echo "pki_skip_configuration=$SKIP_CONFIG" >> $INSTANCECFG
+ echo "pki_skip_installation=$SKIP_INSTALL" >> $INSTANCECFG
+ echo "pki_enable_access_log=$ENABLE_ACCESS_LOG" >> $INSTANCECFG
+ echo "pki_enable_java_debugger=$ENABLE_JAVA_DEBUG" >> $INSTANCECFG
+ echo "pki_security_manager=$SECURITY_MANAGER" >> $INSTANCECFG
+ cat $INSTANCECFG
+ rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v "
+ rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1"
+ cat $INSTANCE_CREATE_OUT
+ exp_message1="Administrator's username: $(eval echo \$TPS${number}_ADMIN_USER)"
+ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+ exp_message3_1="To check the status of the subsystem:"
+ rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+ exp_message4_1="To restart the subsystem:"
+ rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+ exp_message5="The URL for the subsystem is:"
+ rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+ exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tps"
+ rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+ # echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh
+ mkdir -p $CLIENT_PKCS12_DIR
+ mv /var/lib/pki/$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)/alias/tps_backup_keys.p12 $CLIENT_PKCS12_DIR
+ rlPhaseEnd
+}
rhcs_install_prep_disableFirewall()
{
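Review bot: `rhcs_install_tps` writes the token, admin, backup, security-domain and directory-server passwords to the fixed path `/tmp/tps_instance.inf` under whatever umask the harness runs with, then prints the whole file with `cat $INSTANCECFG`, so the secrets end up in a predictable file and in the test log. I would create the file privately with `local INSTANCECFG=$(mktemp /tmp/tps_instance.XXXXXX)` and replace the `cat` with a filtered dump such as `grep -v -i password $INSTANCECFG`. Separately, the expected URL is built from `\$TKS${number}_SECURE_PORT`; for a TPS install it should read `exp_message5_1="https://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/tps"`. The key `pki_subsytem_key_type` is also spelled differently from the neighbouring `pki_subsystem_key_size`, so that setting is presumably ignored by pkispawn.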
@@ -604,7 +735,8 @@ rhcs_install_cloneCA()
#Install and configure RHDS instance
rlLog "Creating LDAP server Instance"
rhcs_install_set_ldap_vars
- rlRun "rhds_install $(eval echo \$CLONE_CA${number}_LDAP_PORT) $(eval echo \$CLONE_CA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${CA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+ rlRun "mkdir /tmp/dummydir"
+ rlRun "rhds_install $(eval echo \$CLONE_CA${number}_LDAP_PORT) $(eval echo \$CLONE_CA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${CA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
#Install CA
rlLog "Creating CLONE CA Instance"
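Review bot: `rlRun "mkdir /tmp/dummydir"` creates the client database directory under a fixed name in a shared, world-writable location, and it fails when the directory is left over from an earlier run, which rlRun then records as a test failure. The same literal path is written as `pki_client_database_dir` in the later rhcs_install_cloneCA, rhcs_install_cloneKRA and rhcs_install_cloneTKS hunks, and the KRA and TKS functions do not create it themselves as far as their hunks show. A private per-run directory in each function avoids both problems: `local CLIENT_DB_DIR=$(mktemp -d)` here and `echo "pki_client_database_dir=$CLIENT_DB_DIR" >> $INSTANCECFG` where the path is used. rhcs_install_cloneCA starts and ends outside this hunk.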
@@ -631,6 +763,8 @@ rhcs_install_cloneCA()
echo "pki_clone_repicate_schema=$REPLICATE_SCHEMA" >> $INSTANCECFG
echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG
echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+ echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
echo "[CA]" >> $INSTANCECFG
@@ -709,7 +843,7 @@ rhcs_install_SubCA(){
local SUBCA${number}_DOMAIN=`hostname -d`
rlLog "Creating LDAP server Instance"
rhcs_install_set_ldap_vars
- rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+ rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
#Install eval echo $(eval echo $SUBCA${number} INSTANCE
rlLog "Setting up Dogtag SUBCA instance ............."
echo "[DEFAULT]" > $INSTANCECFG
@@ -734,9 +868,9 @@ rhcs_install_SubCA(){
echo "[CA]" >> $INSTANCECFG
- echo "pki_subordinate=True" >> $INSTANCECFG
- echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
- echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_subordinate=True" >> $INSTANCECFG
+ echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
echo "pki_admin_email=$(eval echo \$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG
echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
@@ -851,7 +985,7 @@ rhcs_install_cloneKRA(){
#Install and configure RHDS instance
rlLog "Creating LDAP server Instance"
rhcs_install_set_ldap_vars
- rlRun "rhds_install $(eval echo \$CLONE_KRA${number}_LDAP_PORT) $(eval echo \$CLONE_KRA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_KRA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+ rlRun "rhds_install $(eval echo \$CLONE_KRA${number}_LDAP_PORT) $(eval echo \$CLONE_KRA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_KRA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
#Install KRA CLONE
rlLog "Creating CLONE KRA Instance"
@@ -879,6 +1013,8 @@ rhcs_install_cloneKRA(){
echo "pki_clone_replication_clone_port=$(eval echo \$CLONE_KRA${number}_LDAP_PORT)" >> $INSTANCECFG
echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG
echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+ echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+ echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
echo "[KRA]" >> $INSTANCECFG
@@ -939,7 +1075,7 @@ rhcs_install_cloneKRA(){
rhcs_install_cloneOCSP(){
- rlPhaseStartTest "rhcs_install_CLONEOCSP_only - Install RHCS CLONE OCSP SERVER"
+ rlPhaseStartTest "rhcs_install_CLONEOCSP_only - Install RHCS CLONE OCSP SERVER - Ticket 1058"
local INSTANCECFG="/tmp/cloneocsp_instance.inf"
local INSTANCE_CREATE_OUT="/tmp/cloneocsp_instance_create.out"
rlLog "$FUNCNAME"
@@ -954,7 +1090,8 @@ rhcs_install_cloneOCSP(){
#Install and configure RHDS instance
rlLog "Creating LDAP server Instance"
rhcs_install_set_ldap_vars
- rlRun "rhds_install $(eval echo \$CLONE_OCSP${number}_LDAP_PORT) $(eval echo \$CLONE_OCSP${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_OCSP}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance"
+ rlLog "$SUBSYSTEM_NAME"
+ rlRun "rhds_install $(eval echo \$CLONE_OCSP${number}_LDAP_PORT) $(eval echo \$CLONE_OCSP${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_OCSP}_DB_SUFFIX) $SUBSYSTEM_NAME > /tmp/ocspclone.out 2>&1" 0 "Installing RHDS instance for CLONE CA install"
#Install OCSP CLONE
rlLog "Creating CLONE OCSP Instance"
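Review bot: The added `> /tmp/ocspclone.out 2>&1` sends everything rhds_install prints to a fixed file that nothing in this hunk reads back, so a failed directory-server setup no longer shows its cause in the test log and the file stays behind in /tmp. The command line carries the clone's root DN password, so if rhds_install echoes its arguments (not visible here) that file would hold it as well. I would either drop the redirect or write to a `mktemp` file and attach it with `rlFileSubmit`. The description string on the same line still says "CLONE CA install" although this is the OCSP clone. rhcs_install_cloneOCSP starts and ends outside this hunk.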
@@ -981,6 +1118,8 @@ rhcs_install_cloneOCSP(){
echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
echo "pki_issuing_ca=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
+ #echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+ #echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
echo "[OCSP]" >> $INSTANCECFG
@@ -1036,13 +1175,11 @@ rhcs_install_cloneOCSP(){
exp_message5_1="https://$BEAKERCLONE:$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)/ocsp"
rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
#echo "export OCSP_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME)/ocsp" >> /opt/rhqa_pki/env.sh
+ rlLog "https://fedorahosted.org/pki/ticket/1058"
rlPhaseEnd
}
-
-
-
rhcs_install_cloneTKS(){
rlPhaseStartTest "rhcs_install_clonetks_only - Install RHCS CLONE TKS Server BZ1165864"
@@ -1060,7 +1197,7 @@ rhcs_install_cloneTKS(){
#Install and configure RHDS instance
rlLog "Creating LDAP server Instance"
rhcs_install_set_ldap_vars
- rlRun "rhds_install $(eval echo \$CLONE_TKS${number}_LDAP_PORT) $(eval echo \$CLONE_TKS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TKS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TKS install" 0 "Install LDAP Instance"
+ rlRun "rhds_install $(eval echo \$CLONE_TKS${number}_LDAP_PORT) $(eval echo \$CLONE_TKS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TKS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TKS install"
#Install CLONE TKS
rlLog "Creating CLONE TKS Instance"
@@ -1094,6 +1231,8 @@ rhcs_install_cloneTKS(){
echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+ echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+ echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
echo "[TKS]" >> $INSTANCECFG
@@ -1140,6 +1279,382 @@ rhcs_install_cloneTKS(){
rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)/tks"
rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+ rlPhaseEnd
+}
+
+rhcs_install_cloneTPS(){
+
+ rlPhaseStartTest "rhcs_install_clonetps_only - Install RHCS CLONE TPS Server BZ1190184"
+ rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1190184"
+ local INSTANCECFG="/tmp/clonetps_instance.inf"
+ local INSTANCE_CREATE_OUT="/tmp/clonetps_instance_create.out"
+ rlLog "$FUNCNAME"
+ local DOMAIN='hostname -d'
+ rhcs_install_prep_disableFirewall
+ local number=$1
+ local master_hostname=$2
+ local CA=$3
+ local KRA=$4
+ local TKS=$5
+ local SUBSYSTEM_NAME=$(echo CloneTPS${number})
+ local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-)
+ #Install and configure RHDS instance
+ rlLog "Creating LDAP server Instance"
+ rhcs_install_set_ldap_vars
+ rlRun "rhds_install $(eval echo \$CLONE_TPS${number}_LDAP_PORT) $(eval echo \$CLONE_TPS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TPS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TPS install"
+
+ #Install CLONE TPS
+ rlLog "Creating CLONE TPS Instance"
+ rlLog "Setting up Dogtag TPS CLONE Instance"
+ echo "[DEFAULT]" > $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$CLONE_TPS${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$CLONE_TPS${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$CLONE_TPS${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$CLONE_TPS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_user=$(eval echo \$CLONE${number}_USER)" >> $INSTANCECFG
+ echo "pki_group=$(eval echo \$CLONE${number}_GROUP)" >> $INSTANCECFG
+ echo "pki_audit_group=$(eval echo \$CLONE${number}_GROUP_AUDIT)" >> $INSTANCECFG
+ echo "pki_token_name=$(eval echo \$CLONE_CA${number}_TOKEN_NAME)" >> $INSTANCECFG
+ echo "pki_token_password=$(eval echo \$CLONE_CA${number}_TOKEN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_pkcs12_password=$(eval echo \$CLONE_CA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+ echo "pki_issuing_ca=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_clone=True" >> $INSTANCECFG
+ echo "pki_clone_pkcs12_password=$TPS1_CLIENT_PKCS12_PASSWORD" >> $INSTANCECFG
+ echo "pki_clone_pkcs12_path=$CLIENT_PKCS12_DIR/tks_backup_keys.p12" >> $INSTANCECFG
+ echo "pki_clone_replication_master_port=$TPS1_LDAP_PORT" >> $INSTANCECFG
+ echo "pki_clone_replication_clone_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_clone_repicate_schema=$REPLICATE_SCHEMA" >> $INSTANCECFG
+ echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG
+ echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+ echo "pki_ds_password=$(eval echo \$CLONE${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG
+ echo "pki_admin_password=$(eval echo \$CLONE_TPS${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+ echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+ echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG
+ echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG
+
+ echo "[TPS]" >> $INSTANCECFG
+ echo "pki_admin_name=$(eval echo \$CLONE_TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_uid=$(eval echo \$CLONE_TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_email=$(eval echo \$CLONE_TPS${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+ echo "pki_admin_dualkey=$(eval echo \$CLONE_TPS${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+ echo "pki_admin_key_size=$(eval echo \$CLONE_TPS${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_admin_key_type=$(eval echo \$CLONE_TPS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_admin_subject_dn=$(eval echo \$CLONE_TPS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_admin_nickname=$(eval echo \$CLONE_TPS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_import_admin_cert=$CLONE_ADMIN_IMPORT_CERT" >> $INSTANCECFG
+ echo "pki_client_admin_cert_p12=$CLIENT_DIR/$TPS1_ADMIN_CERT_NICKNAME.p12" >> $INSTANCECFG
+ echo "pki_ds_hostname=$(hostname)" >> $INSTANCECFG
+ echo "pki_ds_ldap_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_ds_bind_dn=$(eval echo \$CLONE${number}_LDAP_ROOTDN)" >> $INSTANCECFG
+ echo "pki_ds_secure_connection=$(eval echo \$CLONE_TPS${number}_SECURE_CONN)" >> $INSTANCECFG
+ echo "pki_ds_remove_data=$(eval echo \$CLONE_TPS${number}_REMOVE_DATA)" >> $INSTANCECFG
+ echo "pki_ds_base_dn=$TPS1_DB_SUFFIX" >> $INSTANCECFG
+ echo "pki_ds_database=$TPS1_LDAP_INSTANCE_NAME" >> $INSTANCECFG
+ echo "pki_ca_uri=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_enable_server_side_keygen=$(eval echo \$CLONE_TPS${number}_SERVER_KEYGEN)" >> $INSTANCECFG
+ echo "pki_kra_uri=https://$(hostname):$(eval echo \$CLONE_KRA${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_tks_uri=https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_authdb_hostname=$(eval echo \$CLONE_TPS${number}_DS_HOSTNAME)" >> $INSTANCECFG
+ echo "pki_authdb_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_authdb_basedn=$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+ cat $INSTANCECFG
+
+ rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v "
+ rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1"
+ cat $INSTANCE_CREATE_OUT
+ exp_message1="Administrator's username: $(eval echo \$CLONE_TPS${number}_ADMIN_USER)"
+ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+ exp_message3_1="To check the status of the subsystem:"
+ rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+ exp_message4_1="To restart the subsystem:"
+ rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+ exp_message5="The URL for the subsystem is:"
+ rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+ exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TPS${number}_SECURE_PORT)/tks"
+ rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
rlPhaseEnd
}
+###########################################################
+# CA SIGNED BY AN EXTERNAL CA TESTS #
+###########################################################
+rhcs_install_CAwithExtCA() {
+ rlLog "Creating a CA signed by ROOTCA"
+ local INSTANCECFG="/tmp/subca_instance.inf"
+ local INSTANCE_CREATE_OUT="/tmp/subca_instance_create.out"
+ rlLog "$FUNCNAME"
+ local DOMAIN='hostname -d'
+ rhcs_install_prep_disableFirewall
+
+ #Install and configure RHDS instance
+ local number=$1
+ local csr=$2
+ local admin_cert_location=$4
+ local client_pkcs12_password=$5
+ local admin_cert=$6
+ local tmp_host=$7
+ local SUBSYSTEM_NAME=$(echo SubCA${number})
+ local SUBCA${number}_DOMAIN=`hostname -d`
+ local cert_type=$3
+ rlLog "Creating LDAP server Instance"
+ rhcs_install_set_ldap_vars
+ rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install"
+ #Install eval echo $(eval echo $SUBCA${number} INSTANCE
+ rlLog "Setting up Dogtag SUBCA instance ............."
+ echo "[DEFAULT]" > $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$SUBCA${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$SUBCA${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$SUBCA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_user=$(eval echo \$SUBCA${number}_USER)" >> $INSTANCECFG
+ echo "pki_group=$(eval echo \$SUBCA${number}_GROUP)" >> $INSTANCECFG
+ echo "pki_audit_group=$(eval echo \$SUBCA${number}_GROUP_AUDIT)" >> $INSTANCECFG
+ echo "pki_token_name=$(eval echo \$SUBCA${number}_TOKEN_NAME)" >> $INSTANCECFG
+ echo "pki_token_password=$(eval echo \$SUBCA${number}_TOKEN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_pkcs12_password=$(eval echo \$SUBCA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+ echo "pki_admin_password=$(eval echo \$SUBCA${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG
+ echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+ echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+ echo "pki_security_domain_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_security_domain_user=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_security_domain_password=$(eval echo \$SUBCA${number}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_security_domain_name=$(eval echo \$SUBCA${number}_DOMAIN)" >> $INSTANCECFG
+
+ echo "[CA]" >> $INSTANCECFG
+
+ echo "pki_external=True" >> $INSTANCECFG
+ echo "pki_external_csr_path=$csr" >> $INSTANCECFG
+ echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_email=$(eval echo \$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+ echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+ echo "pki_admin_key_size=$(eval echo \$SUBCA${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_admin_key_type=$(eval echo \$SUBCA${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_admin_subject_dn=$(eval echo \$SUBCA${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_admin_nickname=$(eval echo \$SUBCA${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_import_admin_cert=$(eval echo \$SUBCA${number}_ADMIN_IMPORT_CERT)" >> $INSTANCECFG
+ echo "pki_client_admin_cert_p12=$CLIENT_DIR/$(eval echo \$SUBCA${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
+ echo "pki_subsystem_key_type=$(eval echo \$SUBCA${number}_SUBSYSTEM_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_subsystem_key_size=$(eval echo \$SUBCA${number}_SUBYSTEM_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_subsystem_key_algorithm=$(eval echo \$SUBCA${number}_SUBSYSTEM_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_subsystem_signing_algorithm=$(eval echo \$SUBCA${number}_SUBSYSTEM_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_subsystem_token=$(eval echo \$SUBCA${number}_SUBSYSTEM_TOKEN)" >> $INSTANCECFG
+ echo "pki_subsystem_nickname=$(eval echo \$SUBCA${number}_SUBSYTEM_NICKNAME)" >> $INSTANCECFG
+ echo "pki_subsystem_subject_dn=$(eval echo \$SUBCA${number}_SUBSYSTEM_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_ca_signing_key_type=$(eval echo \$SUBCA${number}_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ca_signing_key_size=$(eval echo \$SUBCA${number}_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ca_signing_key_algorithm=$(eval echo \$SUBCA${number}_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ca_signing_signing_algorithm=$(eval echo \$SUBCA${number}_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ca_signing_token=$(eval echo \$SUBCA${number}_SIGNING_TOKEN)" >> $INSTANCECFG
+ echo "pki_ca_signing_nickname=$(eval echo \$SUBCA${number}_SIGNING_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ca_signing_subject_dn=$(eval echo \$SUBCA${number}_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_key_type=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_key_size=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_key_algorithm=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_signing_algorithm=$(eval echo \$SUBCA${number}_OCSP_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_token=$(eval echo \$SUBCA${number}_OCSP_SIGNING_TOKEN)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_nickname=$(eval echo \$SUBCA${number}_OCSP_SIGNING_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ocsp_signing_subject_dn=$(eval echo \$SUBCA${number}_OCSP_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_type=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_size=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_algorithm=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_audit_signing_signing_algorithm=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_audit_signing_token=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
+ echo "pki_audit_signing_nickname=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_NICKNAME)" >> $INSTANCECFG
+ echo "pki_audit_signing_subject_dn=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$SUBCA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$SUBCA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$SUBCA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+ echo "pki_ds_hostname=$(eval echo \$SUBCA${number}_DS_HOSTNAME)" >> $INSTANCECFG
+ echo "pki_ds_ldap_port=$(eval echo \$SUBCA${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_ds_bind_dn=$(eval echo \$SUBCA${number}_LDAP_ROOTDN)" >> $INSTANCECFG
+ echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG
+ echo "pki_ds_secure_connection=$(eval echo \$SUBCA${number}_SECURE_CONN)" >> $INSTANCECFG
+ echo "pki_ds_remove_data=$(eval echo \$SUBCA${number}_REMOVE_DATA)" >> $INSTANCECFG
+ echo "pki_ds_base_dn=$(eval echo \$SUBCA${number}_DB_SUFFIX)" >> $INSTANCECFG
+ echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_backup_keys=$(eval echo \$SUBCA${number}_BACKUP)" >> $INSTANCECFG
+ echo "pki_backup_password=$(eval echo \$SUBCA${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_database_dir=$(eval echo \$SUBCA${number}_CERTDB_DIR)" >> $INSTANCECFG
+ echo "pki_client_database_password=$(eval echo \$SUBCA${number}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_database_purge=$(eval echo \$SUBCA${number}_CLIENT_DB_PURGE)" >> $INSTANCECFG
+ echo "pki_restart_configured_instance=$RESTART_INSTANCE" >> $INSTANCECFG
+ echo "pki_skip_configuration=$SKIP_CONFIG" >> $INSTANCECFG
+ echo "pki_skip_installation=$SKIP_INSTALL" >> $INSTANCECFG
+ echo "pki_enable_access_log=$ENABLE_ACCESS_LOG" >> $INSTANCECFG
+ echo "pki_enable_java_debugger=$ENABLE_JAVA_DEBUG" >> $INSTANCECFG
+ echo "pki_security_manager=$SECURITY_MANAGER" >> $INSTANCECFG
+ echo "export SUBCA${number}_DOMAIN=$(eval echo \$SUBCA${number}_DOMAIN)" >> /opt/rhqa_pki/env.sh
+ cat $INSTANCECFG
+ rlRun "cp $INSTANCECFG /tmp/subca.inf.bak"
+ rlLog "EXECUTING: pkispawn -s CA -f $INSTANCECFG -v "
+ rlRun "pkispawn -s CA -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1"
+ rlRun "cat $INSTANCE_CREATE_OUT"
+ exp_message1="Administrator's username: $(eval echo \$SUBCA${number}_ADMIN_USER)"
+ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+ #exp_message1_1="Administrator's PKCS #12 file:"
+ #rlAssertGrep "$exp_message1_1" "$INSTANCE_CREATE_OUT"
+ exp_message2="$(eval echo \$SUBCA${number}_DOMAIN)"
+ rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT"
+ exp_message3_1="To check the status of the subsystem:"
+ rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+ exp_message4_1="To restart the subsystem:"
+ rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+ exp_message5="The URL for the subsystem is:"
+ rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+ exp_message5_1="https://$(hostname):$(eval echo \$SUBCA${number}_SECURE_PORT)/ca"
+ rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+ #echo "export CA_SERVER_ROOT=/var/lib/pki/$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)/ca" >> /opt/rhqa_pki/env.sh
+ #mkdir -p $CLIENT_PKCS12_DIR
+ #mv /var/lib/pki/$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 $CLIENT_PKCS12_DIR
+
+ local TEMP_NSS_DB="/tmp/nssdb"
+ local TEMP_NSS_DB_PWD="Secret123"
+ if [ -d "$TEMP_NSS_DB" ]; then
+
+ rlLog "$TEMP_NSS_DB Directory exists"
+ else
+ rlLog "Creating Security Database"
+ rlRun "pki -d $TEMP_NSS_DB -c $TEMP_NSS_DB_PWD client-init" 0 "Initializing Security Database"
+ RETVAL=$?
+ if [ $RETVAL != 0 ]; then
+ rlLog "FAIL :: NSS Database was not created"
+ return 1
+ fi
+ fi
+ if [ $cert_type = "Dogtag" ]; then
+
+ local profile=caCACert
+ local rand=$RANDOM
+ local request_type="pkcs10"
+ local cn="New CA"
+ local uid="newca"
+ local email="newca@foobar.org"
+ local ou="Foo_Example_IT"
+ local org="FooBar.Org"
+ local state="North Carolina"
+ local location="Raleigh"
+ local country="US"
+ local cert_subject_file="/tmp/subfile"
+ rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $csr"
+ rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $csr"
+ echo -e "RequestType:$request_type" > $cert_subject_file
+ echo -e "CN:$cn" >> $cert_subject_file
+ echo -e "UID:$uid" >> $cert_subject_file
+ echo -e "Email:$email" >> $cert_subject_file
+ echo -e "OU:$ou" >> $cert_subject_file
+ echo -e "Org:$org" >> $cert_subject_file
+ echo -e "State:$state" >> $cert_subject_file
+ echo -e "Location:$location" >> $cert_subject_file
+ echo -e "Country:$country" >> $cert_subject_file
+ echo -e "Request_DN:$(eval echo \$SUBCA${number}_SIGNING_CERT_SUBJECT_NAME)" >> $cert_subject_file
+ rlRun "pki -d $TEMP_NSS_DB \
+ -h $tmp_host \
+ -p $ROOTCA_UNSECURE_PORT \
+ -c $TEMP_NSS_DB_PWD \
+ cert-request-profile-show $profile \
+ --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out"
+ rlRun "generate_xml $csr $cert_subject_file $TEMP_NSS_DB/$rand-profile.xml $profile"
+ rlRun "pki -h $tmp_host -p $ROOTCA_UNSECURE_PORT cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/pki-cert-request-submit.out" 0 "Submit request"
+ local REQUEST_ID=$(cat $TEMP_NSS_DB/pki-cert-request-submit.out | grep "Request ID" | awk -F ": " '{print $2}')
+ rlAssertGrep "Request ID: $REQUEST_ID" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+ rlAssertGrep "Type: enrollment" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+ rlAssertGrep "Request Status: pending" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+ rlAssertGrep "Operation Result: success" "$TEMP_NSS_DB/pki-cert-request-submit.out"
+ rlLog "importP12FileNew $admin_cert_location $client_pkcs12_password $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert"
+ rlRun "importP12FileNew $admin_cert_location $client_pkcs12_password $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert" 0 "Import Admin certificate to $CERTDB_DIR"
+ rlRun "install_and_trust_CA_cert $ROOTCA_SERVER_ROOT $CERTDB_DIR"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$admin_cert\" \
+ -h $tmp_host \
+ -p $ROOTCA_UNSECURE_PORT \
+ ca-cert-request-review $REQUEST_ID \
+ --action approve 1> $TEMP_NSS_DB/$REQUEST_ID-pkcs10-approve-out" 0 "As $admin_cert Approve certificate request $REQUEST_ID"
+ rlAssertGrep "Approved certificate request $REQUEST_ID" "$TEMP_NSS_DB/$REQUEST_ID-pkcs10-approve-out"
+ rlRun "pki -p $ROOTCA_UNSECURE_PORT -h $tmp_host ca-cert-request-show $REQUEST_ID > $TEMP_NSS_DB/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $REQUEST_ID"
+ rlAssertGrep "Request ID: $REQUEST_ID" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+ rlAssertGrep "Type: enrollment" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+ rlAssertGrep "Status: complete" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+ rlAssertGrep "Certificate ID:" "$TEMP_NSS_DB/certrequestapprovedshow_001.out"
+ local certificate_serial_number=`cat $TEMP_NSS_DB/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'`
+ rlLog "Cerificate Serial Number=$certificate_serial_number"
+ rlRun "pki -h $tmp_host -p $ROOTCA_UNSECURE_PORT cert-show $certificate_serial_number --output $TEMP_NSS_DB/certb64.out" 0 "B64 of the certificate"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlRun "curl --basic --dump-header $TEMP_NSS_DB/header.out -d \"serialNumber=$certificate_serial_number\" -k \"http://$tmp_host:$ROOTCA_UNSECURE_PORT/ca/ee/ca/getCertChain\" > $TEMP_NSS_DB/b64certChain.out"
+ rlRun "sed -e '/-----BEGIN CERTIFICATE-----/d' -i $TEMP_NSS_DB/certb64.out"
+ rlRun "sed -e '/-----END CERTIFICATE-----/d' -i $TEMP_NSS_DB/certb64.out"
+ rlRun "sed -i -e 's/<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><XMLResponse><Status>0<\/Status><ChainBase64>//g' -i $TEMP_NSS_DB/b64certChain.out"
+ rlRun "sed -i -e 's/<\/ChainBase64><\/XMLResponse>//g' -i $TEMP_NSS_DB/b64certChain.out"
+ else
+ rlLog "Use testplan to set up ADCS on MS Server and save the params in env.sh"
+ csr_string=$(cat $csr | tr -d '\n')
+ rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certfnsh.asp -u \"$MS_username:$MS_password\" --data-urlencode CertRequest=\"$csr_string\" -d Mode=newreq -d SaveCert=yes -d CertAttrib=CertificateTemplate:SubCA > $TEMP_NSS_DB/msca_new_cert.out"
+ rlRun "sleep 5"
+ rlRun "cat $TEMP_NSS_DB/msca_new_cert.out | grep \"Download certificate:\" > $TEMP_NSS_DB/msca_new_cert1.out"
+ rlRun "sed -i -e 's/<LocID ID=locDownloadCert1>Download certificate: <\/LocID><A Href=\"certnew.cer?//g' $TEMP_NSS_DB/msca_new_cert1.out"
+ rlRun "sleep 5"
+ rlRun "sed -i -e 's/\&amp;Enc=bin\"><LocID ID=locDerEnc1>DER Encoded<\/LocID><\/A><LocID ID=locSep1>.*//g' $TEMP_NSS_DB/msca_new_cert1.out"
+ rlRun "sleep 5"
+ MS_newca_request_ID=$(cat $TEMP_NSS_DB/msca_new_cert1.out | grep "ReqID=" | cut -d= -f2)
+ rlLog "$MS_newca_request_ID"
+ rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certnew.cer -G -d ReqID=$MS_newca_request_ID -d Enc-bin > $TEMP_NSS_DB/certb64.out"
+ rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certnew.p7b -G -d ReqID=$MS_newca_request_ID -d Enc-bin > $TEMP_NSS_DB/b64certChain.out"
+ fi
+
+ rlLog "Preparing the config file for step 2 of pkispawn"
+ rlRun "sed -e '/pki_external_csr_path=.*/d' -i $INSTANCECFG"
+ echo "pki_external_ca_cert_chain_path=$TEMP_NSS_DB/b64certChain.out" >> $INSTANCECFG
+ echo "pki_external_ca_cert_path=$TEMP_NSS_DB/certb64.out" >> $INSTANCECFG
+ echo "pki_external_step_two=True" >> $INSTANCECFG
+
+ rlLog "EXECUTING: pkispawn -s CA -f $INSTANCECFG -v "
+ rlRun "pkispawn -s CA -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1"
+ rlRun "cat $INSTANCE_CREATE_OUT"
+ exp_message1="Administrator's username: $(eval echo \$SUBCA${number}_ADMIN_USER)"
+ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+ exp_message1_1="Administrator's PKCS #12 file:"
+ rlAssertGrep "$exp_message1_1" "$INSTANCE_CREATE_OUT"
+ exp_message2="$(eval echo \$SUBCA${number}_DOMAIN)"
+ rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT"
+ exp_message3_1="To check the status of the subsystem:"
+ rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+ exp_message4_1="To restart the subsystem:"
+ rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+ exp_message5="The URL for the subsystem is:"
+ rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+ exp_message5_1="https://$(hostname):$(eval echo \$SUBCA${number}_SECURE_PORT)/ca"
+ rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+}
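Review bot: In rhcs_install_CAwithExtCA the signed CA certificate and its chain are fetched with `curl -k` from `https://$MS_ipaddr/certsrv/...` (and over plain `http://` from `getCertChain` in the Dogtag branch) and then written into `pki_external_ca_cert_chain_path` for step two, so the new CA's trust chain comes from a server whose identity was never verified. Replacing `-k` with `--cacert` and a PEM file for the issuing server would close that gap; the file would have to be provisioned alongside the other MS parameters in env.sh, which this hunk does not show. The `-u "$MS_username:$MS_password"` argument and `TEMP_NSS_DB_PWD="Secret123"` are also expanded inside rlRun command strings, which presumably end up in the test journal. In rhcs_install_cloneTPS two values look copied from the TKS function: `pki_clone_pkcs12_path` points at `tks_backup_keys.p12`, and the final assertion expects a URL ending in `/tks`, where `exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TPS${number}_SECURE_PORT)/tps"` is likely what was meant. Both new functions also set `local DOMAIN='hostname -d'`, which assigns the literal string rather than the command output.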
diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh
index aeefdd1a1..dae68ac0e 100755
--- a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh
+++ b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh
@@ -74,6 +74,7 @@ run_rhcs_install_packages() {
#####################################################################
yum clean all
yum -y update
+ yum -y install wget
#CA install
rc=0
rlLog "CA instance will be installed on $HOSTNAME"
@@ -148,48 +149,55 @@ run_install_subsystem_RootCA()
}
#KRA Install
+
run_install_subsystem_kra() {
- rlPhaseStartSetup "rhcs_install_subsystem_kra: Default install"
- rlLog "KRA instance will be installed on $HOSTNAME"
- rc=0
- number=$1
+ rlPhaseStartSetup "rhcs_install_subsystem_kra: Default install"
+ rlLog "KRA instance will be installed on $HOSTNAME"
+ rc=0
+ number=$1
master_hostname=$2
CA=$3
- rpm -qa | grep pki-kra
- if [ $? -eq 0 ] ; then
- rlLog "pki-kra package is installed"
- else
- rlLog "ERROR: $item package is NOT installed"
- rc=1
- fi
+ KRA="KRA${number}"
+ eval ${KRA}_INSTALLED=TRUE
+ rpm -qa | grep pki-kra
+ if [ $? -eq 0 ] ; then
+ rlLog "pki-kra package is installed"
+ else
+ rlLog "ERROR: $item package is NOT installed"
+ rc=1
+ eval ${KRA}_INSTALLED=FALSE
+ fi
- if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
- rhcs_install_kra $number $master_hostname $CA
- fi
- rlPhaseEnd
+ if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
+ rhcs_install_kra $number $master_hostname $CA
+ fi
+ rlPhaseEnd
}
#OCSP install
+
run_install_subsystem_ocsp() {
- rlPhaseStartSetup "rhcs_install_subsystem_ocsp: Default install"
- rlLog "OCSP instance will be installed on $HOSTNAME"
- rc=0
- number=$1
+ rlPhaseStartSetup "rhcs_install_subsystem_ocsp: Default install"
+ rlLog "OCSP instance will be installed on $HOSTNAME"
+ rc=0
+ number=$1
master_hostname=$2
CA=$3
- rpm -qa | grep pki-ocsp
- if [ $? -eq 0 ] ; then
- rlLog "pki-ocsp package is installed"
+ rpm -qa | grep pki-ocsp
+ if [ $? -eq 0 ] ; then
+ rlLog "pki-ocsp package is installed"
else
- rlLog "ERROR: $item package is NOT installed"
- rc=1
- fi
+ rlLog "ERROR: $item package is NOT installed"
+ rc=1
+ OCSP3_INSTALLED=FALSE
+ fi
- if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
- rhcs_install_ocsp $number $master_hostname $CA
- fi
- rlPhaseEnd
+ if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
+ rhcs_install_ocsp $number $master_hostname $CA
+ fi
+ rlPhaseEnd
}
+
#RA install
#rlLog "RA instance will be installed on $HOSTNAME"
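Review bot: run_install_subsystem_ocsp records a missing package as `OCSP3_INSTALLED=FALSE` whatever `$number` is, and never sets the flag to TRUE, whereas run_install_subsystem_kra just above derives the variable name from `KRA${number}`. A caller that checks `OCSP${number}_INSTALLED` the way these functions check `${CA}_INSTALLED` would find it unset after a successful check, and wrong for any instance other than 3 after a failed one. Mirroring the KRA code keeps the two functions consistent: `OCSP="OCSP${number}"` and `eval ${OCSP}_INSTALLED=TRUE` before the rpm check, then `eval ${OCSP}_INSTALLED=FALSE` in the else branch. In both functions the error message prints `$item`, which is not assigned anywhere in the visible function body.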
@@ -217,49 +225,53 @@ run_install_subsystem_ocsp() {
#TKS install
run_install_subsystem_tks() {
- rlPhaseStartSetup "rhcs_install_subsystem_tks: Default install"
- rlLog "TKS instance will be installed on $HOSTNAME"
- rc=0
- number=$1
+ rlPhaseStartSetup "rhcs_install_subsystem_tks: Default install"
+ rlLog "TKS instance will be installed on $HOSTNAME"
+ rc=0
+ number=$1
master_hostname=$2
CA=$3
- rpm -qa | grep pki-tks
+ TKS="TKS${number}"
+ eval ${TKS}_INSTALLED=TRUE
+ rpm -qa | grep pki-tks
if [ $? -eq 0 ] ; then
- rlLog "pki-tks package is installed"
+ rlLog "pki-tks package is installed"
else
rlLog "ERROR: $item package is NOT installed"
- rc=1
+ rc=1
+ eval ${TKS}_INSTALLED=FALSE
fi
- if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
- rlLog "Installing TKS"
- rhcs_install_tks $number $master_hostname $CA
- fi
- rlPhaseEnd
+ if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then
+ rlLog "Installing TKS"
+ rhcs_install_tks $number $master_hostname $CA
+ fi
+ rlPhaseEnd
}
- #TPS install
- #rlLog "TPS instance will be installed on $HOSTNAME"
- #rc=0
- #yum -y install $COMMON_SERVER_PACKAGES
- #yum -y install $TPS_SERVER_PACKAGES
- #ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES"
- #for item in $ALL_PACKAGES ; do
- #rpm -qa | grep $item
- #if [ $? -eq 0 ] ; then
- #rlLog "$item package is installed"
- #else
- #rlLog "ERROR: $item package is NOT installed"
- #rc=1
- #fi
- #done
- #if [ $rc -eq 0 ] ; then
- #rlLog "Installing TPS"
- #rhcs_install_tps
- #fi
- #else
- #rlLog "Machine in recipe is not a MASTER"
- #fi
+#TPS install
+run_install_subsystem_tps() {
+ rlPhaseStartSetup "rhcs_install_subsystem_tps: Default install"
+ rlLog "TPS instance will be installed on $HOSTNAME"
+ rc=0
+ number=$1
+ master_hostname=$2
+ CA=$3
+ KRA=$4
+ TKS=$5
+ rpm -qa | grep pki-tks
+ if [ $? -eq 0 ] ; then
+ rlLog "$item package is installed"
+ else
+ rlLog "ERROR: $item package is NOT installed"
+ rc=1
+ fi
+ if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${KRA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${TKS}_INSTALLED) = "TRUE" ] ; then
+ rlLog "Installing TPS"
+ rhcs_install_tps $number $master_hostname $CA $KRA $TKS
+ fi
+ rlPhaseEnd
+}
#####################SUBCA######################
################################################
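Review bot: run_install_subsystem_tps checks for the wrong package: `rpm -qa | grep pki-tks` gates the TPS install on the TKS package, so rhcs_install_tps can be called on a host where pki-tps is missing. run_install_subsystem_cloneTPS later in this file uses `rpm -qa | grep pki-tps`, which is presumably what was meant here. Both log lines print `$item`, which this function never assigns; `rlLog "pki-tps package is installed"` and `rlLog "ERROR: pki-tps package is NOT installed"` would say what was actually checked. The `[ $(eval echo \$${KRA}_INSTALLED) = "TRUE" ]` tests are unquoted, so an unset KRA or TKS flag makes `[` fail with a syntax error; quoting the substitution, as in `[ "$(eval echo \$${KRA}_INSTALLED)" = "TRUE" ]`, makes the comparison well-formed.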
@@ -402,4 +414,27 @@ run_install_subsystem_cloneTKS(){
fi
rlPhaseEnd
}
+#CLONE TPS install
+run_install_subsystem_cloneTPS(){
+ rlPhaseStartSetup "rhcs_install_subsystem_clonetps: Default install"
+ rlLog "Clone TPS instance will be installed on $HOSTNAME"
+ rc=0
+ number=$1
+ master_hostname=$2
+ CA=$3
+ KRA=$4
+ TKS=$5
+ rpm -qa | grep pki-tps
+ if [ $? -eq 0 ] ; then
+ rlLog "pki-tps package is installed"
+ else
+ rlLog "ERROR: pki-tps package is NOT installed"
+ rc=1
+ fi
+ if [ $rc -eq 0 ] ; then
+ rlLog "Installing TPS"
+ rhcs_install_cloneTPS $number $master_hostname $CA $KRA $TKS
+ fi
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 6dccf289b..8c742420e 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -221,12 +221,17 @@
. ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh
. ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh
. ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh
+. ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
. ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
. ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
-. ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
. ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh
-. ./acceptance/legacy/clone_ca_tests/clone_tests.sh
. ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh
+. ./acceptance/legacy/clone_ca_tests/clone_tests.sh
+. ./acceptance/install-tests/ca-installer.sh
+. ./acceptance/install-tests/kra-installer.sh
+. ./acceptance/install-tests/ocsp-installer.sh
+. ./acceptance/install-tests/tks-installer.sh
+. ./acceptance/install-tests/tps-installer.sh
. ./acceptance/bugzilla/bug_setup.sh
. ./acceptance/bugzilla/bug_uninstall.sh
. ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
@@ -283,40 +288,18 @@ rlJournalStart
KRA_INST=$(cat /tmp/topo_file | grep MY_KRA | cut -d= -f2)
OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2)
TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2)
+ TPS_INST=$(cat /tmp/topo_file | grep MY_TPS | cut -d= -f2)
if [ "$QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ] ; then
run_rhcs_set_time
run_rhcs_install_set_vars
run_rhcs_install_quickinstall
- #Set-up role users
- get_topo_stack $MYROLE /tmp/topo_file
- CA_INST=$(cat /tmp/topo_file | grep MY_CA | cut -d= -f2)
- rlLog "Subsystem ID CA=$CA_INST"
- run_pki-user-cli-role-user-create-tests $CA_INST ca $MYROLE
- KRA_INST=$(cat /tmp/topo_file | grep MY_KRA | cut -d= -f2)
- rlLog "Subsystem ID KRA=$KRA_INST"
- run_pki-user-cli-role-user-create-tests $KRA_INST kra $MYROLE
- OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2)
- rlLog "Subsystem ID OCSP=$OCSP_INST"
- run_pki-user-cli-role-user-create-tests $OCSP_INST ocsp $MYROLE
- TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2)
- rlLog "Subsystem ID TKS=$TKS_INST"
- run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE
- SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2)
- rlLog "Subsystem ID SUBCA=$SUBCA_INST"
- run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE
+ SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2)
CLONECA_INST=$(cat /tmp/topo_file | grep MY_CLONE_CA | cut -d= -f2)
- rlLog "Subsystem ID CLONECA=$CLONECA_INST"
- run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE
CLONEKRA_INST=$(cat /tmp/topo_file | grep MY_CLONE_KRA | cut -d= -f2)
- rlLog "Subsystem ID CLONEKRA=$CLONEKRA_INST"
- run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE
CLONEOCSP_INST=$(cat /tmp/topo_file | grep MY_CLONE_OCSP | cut -d= -f2)
- rlLog "Subsystem ID CLONEOCSP=$CLONEOCSP_INST"
- run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE
CLONETKS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TKS | cut -d= -f2)
- rlLog "Subsystem ID CLONETKS=$CLONETKS_INST"
- run_pki-user-cli-role-user-create-tests $CLONETKS_INST ocsp $MYROLE
+ CLONETPS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TPS | cut -d= -f2)
elif [ "$TOPO1_UPPERCASE" = "TRUE" ] ; then
run_rhcs_install_set_vars
run_rhcs_install_topo_1
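Review bot: The added `TPS_INST`, `SUBCA_INST` and `CLONETPS_INST` lookups read `/tmp/topo_file`, a fixed name in a world-writable directory, and the values are later passed to the role-user and installer tests. Who creates the file is not visible in this hunk, but a path from `mktemp` or under the test's own work directory would rule out another local user pre-creating it. The `grep MY_TPS | cut -d= -f2` match is unanchored and returns every line containing the string, so `sed -n 's/^MY_TPS=//p' /tmp/topo_file` is a tighter parse. The SUBCA and clone IDs are now assigned only inside the QUICKINSTALL branch, so please confirm the other topology branches set them before the role-user section that follows uses them.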
@@ -345,7 +328,62 @@ rlJournalStart
run_rhcs_install_set_vars
run_rhcs_install_topo_9
fi
-
+ ######## CREATE ROLE USERS #############
+ PKI_CREATE_CA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CA_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_CA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create CA role users
+ run_pki-user-cli-role-user-create-tests $CA_INST ca $MYROLE
+ fi
+ PKI_CREATE_KRA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_KRA_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_KRA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create KRA role users
+ run_pki-user-cli-role-user-create-tests $KRA_INST kra $MYROLE
+ fi
+ PKI_CREATE_OCSP_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_OCSP_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_OCSP_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create OCSP role users
+ run_pki-user-cli-role-user-create-tests $OCSP_INST ocsp $MYROLE
+ fi
+ PKI_CREATE_TKS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_TKS_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_TKS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create TKS role users
+ run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE
+ fi
+ PKI_CREATE_TPS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_TPS_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_TPS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create TPS role users
+ run_pki-user-cli-role-user-create-tests $TPS_INST tps $MYROLE
+ fi
+ PKI_CREATE_SUBCA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_SUBCA_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_SUBCA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create SUBCA role users
+ run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE
+ fi
+ PKI_CREATE_CLONECA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONECA_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_CLONECA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create CLONE CA role users
+ run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE
+ fi
+ PKI_CREATE_CLONEKRA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONEKRA_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_CLONEKRA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create CLONE KRA role users
+ run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE
+ fi
+ PKI_CREATE_CLONEOCSP_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONEOCSP_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_CLONEOCSP_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create CLONE OCSP role users
+ run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE
+ fi
+ PKI_CREATE_CLONETKS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONETKS_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_CLONETKS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create CLONE TKS role users
+ run_pki-user-cli-role-user-create-tests $CLONETKS_INST tks $MYROLE
+ fi
+ PKI_CREATE_CLONETPS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONETPS_ROLE_USER | tr [a-z] [A-Z])
+ if [ "$PKI_CREATE_CLONETPS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Create CLONE TPS role users
+ run_pki-user-cli-role-user-create-tests $CLONETPS_INST tps $MYROLE
+ fi
######## PKI USER CA TESTS ############
PKI_USER_CA_UPPERCASE=$(echo $PKI_USER_CA | tr [a-z] [A-Z])
if [ "$PKI_USER_CA_UPPERCASE" = "TRUE" ] ; then
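Review bot: Every `run_pki-user-cli-role-user-create-tests` call in the new CREATE ROLE USERS section passes its instance ID unquoted, so an empty `$TPS_INST` or `$CLONETPS_INST` silently shifts `tps` into the first argument and the role into the second. Writing `run_pki-user-cli-role-user-create-tests "$TPS_INST" tps "$MYROLE"` keeps the positions stable and lets the callee detect the empty ID. `tr [a-z] [A-Z]` is also unquoted, so a single-letter file name in the working directory would be glob-expanded into the `tr` arguments; `tr '[:lower:]' '[:upper:]'` avoids that. The eleven near-identical blocks could become one loop over flag, instance and type, but that is style only.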
@@ -1542,23 +1580,23 @@ rlJournalStart
run_ca-ee-ocsp_tests $subsystemType $MYROLE
fi
PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_MANUAL | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
- # Execute pki ca-renew-manual tests
- subsystemType=ca
- run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
- # Execute pki ca-renew-directory-auth-usercert tests
- subsystemType=ca
- run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
- # Execute pki ca-renew-sslclient-cert tests
- subsystemType=ca
- run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
- fi
+ if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-manual tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-directory-auth-usercert tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-sslclient-cert tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_CA_SCEP_ENROLL | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
# Execute ca scep enroll tests
@@ -1586,7 +1624,7 @@ rlJournalStart
run_admin-kra-internaldb_tests $subsystemType $MYROLE
fi
PKI_LEGACY_KRA_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_KRA_AD_LOGS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
subsystemType=kra
run_admin-kra-log_tests $subsystemType $MYROLE
fi
@@ -1627,105 +1665,178 @@ rlJournalStart
run_agent-subca-crls_tests $subsystemType $MYROLE
fi
PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_CERTIFICATES | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_subca-ag-certificates_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_subca-ag-requests_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_ee-subca-enrollment_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_ee-subca-retrieval_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_admin-subca-profile_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_agent-subca-profile_tests $subsystemType $MYROLE
- fi
+ if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_subca-ag-certificates_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_subca-ag-requests_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_ee-subca-enrollment_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_ee-subca-retrieval_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_admin-subca-profile_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_agent-subca-profile_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_LOGS | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
subsystemType=ca
run_admin-subca-log_tests $subsystemType $MYROLE
- fi
+ fi
PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_SCEP_ENROLL | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
# Execute subca scep enroll tests
subsystemType=ca
run_pki-legacy-subca-scep_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ocsp
+ run_ocsp-ad_usergroups $subsystemType $MYROLE
fi
- PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ocsp
- run_ocsp-ad_usergroups $subsystemType $MYROLE
- fi
- PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ocsp
- run_admin-ocsp-acl_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ocsp
- run_admin-ocsp-log_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ocsp
- run_admin-ocsp-internaldb_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ocsp
- run_ocsp-ag_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_USERGROUPS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=tks
- run_tks-ad_usergroups $subsystemType $MYROLE
+ PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ocsp
+ run_admin-ocsp-acl_tests $subsystemType $MYROLE
fi
- PKI_LEGACY_TKS_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_ACLS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_TKS_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=tks
- run_admin-tks-acl_tests $subsystemType $MYROLE
+ PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ocsp
+ run_admin-ocsp-log_tests $subsystemType $MYROLE
fi
- PKI_LEGACY_TKS_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_LOGS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_TKS_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=tks
- run_admin-tks-log_tests $subsystemType $MYROLE
+ PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ocsp
+ run_admin-ocsp-internaldb_tests $subsystemType $MYROLE
fi
- PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_INTERNALDB | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=tks
- run_admin-tks-internaldb_tests $subsystemType $MYROLE
+ PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ocsp
+ run_ocsp-ag_tests $subsystemType $MYROLE
fi
- PKI_LEGACY_IPA_UPPERCASE=$(echo $PKI_LEGACY_IPA_TESTS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_IPA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
- subsystemType=ca
- run_ipa_backend_plugin $subsystemType $MYROLE
+ PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_USERGROUPS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=tks
+ run_tks-ad_usergroups $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_TKS_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_ACLS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_TKS_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=tks
+ run_admin-tks-acl_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_TKS_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_LOGS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_TKS_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=tks
+ run_admin-tks-log_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_INTERNALDB | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=tks
+ run_admin-tks-internaldb_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE=$(echo $PKI_LEGACY_TPS_ENROLLMENTS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=tps
+ run_tps-enrollment_tests $subsystemType $MYROLE
fi
- PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_CA_TESTS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
- subsystemType=ca
- clone_legacy_ca_tests $subsystemType $MYROLE
- fi
+ PKI_LEGACY_IPA_UPPERCASE=$(echo $PKI_LEGACY_IPA_TESTS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_IPA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ run_ipa_backend_plugin $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_CA_TESTS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
+ subsystemType=ca
+ clone_legacy_ca_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_KRA_TESTS | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
- subsystemType=kra
- clone_legacy_drm_tests $subsystemType $MYROLE
+ if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then
+ subsystemType=kra
+ clone_legacy_drm_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE=$(echo $PKI_LEGACY_TPS_ENROLLMENTS | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ subsystemType=tps
+ run_tps-enrollment_tests $subsystemType $MYROLE
+ fi
+ ######## INSTALL TESTS ############
+ PKI_INSTALL_TESTS_UPPERCASE=$(echo $PKI_INSTALL_TESTS | tr [a-z] [A-Z])
+ if [ "$PKI_INSTALL_TESTS_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki install tests
+ subsystemId=$CA_INST
+ subsystemType=ca
+ # Execute pki KRA install tests
+ run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE
+ # Execute pki OCSP install tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE
+ # Execute pki TKS install tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE
+ # Execute pki TPS install tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE
+ fi
+
+ PKI_CA_INSTALL_UPPERCASE=$(echo $PKI_CA_INSTALL | tr [a-z] [A-Z])
+ if [ "$PKI_CA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki CA install tests
+ subsystemId=$CA_INST
+ subsystemType=ca
+ run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE
+ fi
+
+ PKI_KRA_INSTALL_UPPERCASE=$(echo $PKI_KRA_INSTALL | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki KRA install tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE
+ fi
+
+ PKI_OCSP_INSTALL_UPPERCASE=$(echo $PKI_OCSP_INSTALL | tr [a-z] [A-Z])
+ if [ "$PKI_OCSP_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki OCSP install tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE
+ fi
+
+ PKI_TKS_INSTALL_UPPERCASE=$(echo $PKI_TKS_INSTALL | tr [a-z] [A-Z])
+ if [ "$PKI_TKS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki TKS install tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE
+ fi
+ PKI_TPS_INSTALL_UPPERCASE=$(echo $PKI_TPS_INSTALL | tr [a-z] [A-Z])
+ if [ "$PKI_TPS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki TPS install tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE
fi
rlPhaseEnd
######## DEV UNIT TESTS ############
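Review bot: The `PKI_LEGACY_TPS_ENROLLMENTS` block is added twice in this hunk, once after the TKS internaldb tests and again after the clone KRA tests, so `run_tps-enrollment_tests` runs twice whenever the flag or TEST_ALL is set; one of the two should be dropped. The re-indented clone conditions still test `$TEST_ALL_UPERCASE` (misspelt), and the SCEP condition here and the renew conditions in the `@@ -1542` hunk compare the literal `"TEST_ALL_UPPERCASE"` without `$`, so TEST_ALL never enables those suites; all of them should read `"$TEST_ALL_UPPERCASE"`. In the `PKI_INSTALL_TESTS` block the comment `# Execute pki KRA install tests` sits above the CA call, and each installer suite runs a second time from the per-subsystem blocks below when TEST_ALL is set as well.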
diff --git a/tests/dogtag/shared/env.sh b/tests/dogtag/shared/env.sh
index 3973d21bf..6f8dd12cd 100644
--- a/tests/dogtag/shared/env.sh
+++ b/tests/dogtag/shared/env.sh
@@ -467,6 +467,51 @@ TKS2_ADMIN_PASSWORD="Secret123"
TKS2_CLIENT_PKCS12_PASSWORD=Secret123
####### End TKS2 Params ######
+######### TPS1 Parmams used in QUICKINSTALL and topology1 #########
+TPS1_TOMCAT_INSTANCE_NAME="pki-master"
+TPS1_SECURE_PORT=30042
+TPS1_UNSECURE_PORT=30044
+TPS1_AJP_PORT=30049
+TPS1_TOMCAT_SERVER_PORT=30045
+TPS1_AUDIT_SIGNING_KEY_TYPE=rsa
+TPS1_AUDIT_SIGNING_KEY_SIZE=2048
+TPS1_AUDIT_SIGNING_KEY_ALGORITHM=SHA512withRSA
+TPS1_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA
+TPS1_AUDIT_SIGNING_TOKEN=Internal
+TPS1_AUDIT_SIGNING_CERT_NICKNAME="tps1auditsigningcert"
+TPS1_AUDIT_SIGNING_SUBJECT_DN="CN=PKI TPS1 AUDIT Signing Certificate, O=Redhat"
+
+TPS1_SSL_SERVER_KEY_TYPE=rsa
+TPS1_SSL_SERVER_KEY_SIZE=2048
+TPS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA
+TPS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA
+TPS1_SSL_SERVER_TOKEN=Internal
+TPS1_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA"
+TPS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat"
+TPS1_SUBSYSTEM_KEY_TYPE="rsa"
+TPS1_SUBSYSTEM_KEY_SIZE=2048
+TPS1_SUBSYSTEM_KEY_ALGORITHM=SHA512withRSA
+TPS1_SUBSYSTEM_SIGNING_ALGORITHM=SHA512withRSA
+TPS1_SUBSYSTEM_TOKEN="Internal"
+TPS1_SUBSYSTEM_CERT_NICKNAME="tps1subsystemcert"
+TPS1_SUBSYSTEM_SUBJECT_DN="cn=PKI TPS1 SUBSYSTEM CERT,O=redhat"
+TPS1_ADMIN_USER="tps1admin"
+TPS1_ADMIN_PASSWORD="Secret123"
+TPS1_ADMIN_EMAIL="example@redhat.com"
+TPS1_ADMIN_DUAL_KEY=True
+TPS1_ADMIN_KEY_SIZE=2048
+TPS1_ADMIN_KEY_TYPE="rsa"
+TPS1_ADMIN_SUBJECT_DN="cn=PKI TPS1 ADMIN,O=redhat"
+TPS1_ADMIN_CERT_NICKNAME="tps1admincert"
+TPS1_LDAP_PORT=1604
+TPS1_LDAP_INSTANCE_NAME=pki-tps1-ldap
+TPS1_DB_SUFFIX="dc=pki-tps1"
+TPS1_BACKUP_PASSWORD="Secret123"
+TPS1_CLIENT_PKCS12_PASSWORD="Secret123"
+TPS1_SERVER_KEYGEN=True
+TPS1_AUTHDB_HOST="`hostname`"
+########End TPS Params#######
+
##### GENERIC PARAMS #####
CLIENT_DIR="/opt/rhqa_pki"
CERTDB_DIR="/opt/rhqa_pki/certs_db"
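Review bot: `TPS1_ADMIN_PASSWORD`, `TPS1_BACKUP_PASSWORD` and `TPS1_CLIENT_PKCS12_PASSWORD` are committed as the same literal, as is `CLONE_TPS1_ADMIN_PASSWORD` in the `@@ -772` hunk. This follows the file's existing pattern, but it means any host provisioned from these tests carries known admin and PKCS #12 backup credentials. Allowing an override, e.g. `TPS1_ADMIN_PASSWORD="${TPS1_ADMIN_PASSWORD:-Secret123}"`, lets a lab that is reachable from other networks set its own values without editing the file. None of the new `TPS1_*` names appears in the `export` lines visible in this diff; if child processes need them, as the exported `TKS1_*` names suggest, they should be added there.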
@@ -772,6 +817,36 @@ CLONE_TKS1_SSL_SERVER_NICKNAME=cloneca1sslservercert
CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat"
##### End of CLONE_TKS1 params ######
+###### CLONE_TPS1 params -- used by QUICKINSTALL and topology 1 #########
+
+CLONE_TPS1_TOMCAT_INSTANCE_NAME=clone1
+CLONE_TPS1_SECURE_PORT=30002
+CLONE_TPS1_UNSECURE_PORT=30009
+CLONE_TPS1_AJP_PORT=30004
+CLONE_TPS1_TOMCAT_SERVER_PORT=30005
+CLONE_TPS1_ADMIN_USER=clonetpsadmin
+CLONE_TPS1_ADMIN_EMAIL=example@redhat.com
+CLONE_TPS1_ADMIN_DUAL_KEY=True
+CLONE_TPS1_ADMIN_KEY_SIZE=2048
+CLONE_TPS1_ADMIN_KEY_TYPE=rsa
+CLONE_TPS1_ADMIN_SUBJECT_DN="cn=PKI TPS ADMIN CLONE, O=redhat"
+CLONE_TPS1_ADMIN_CERT_NICKNAME=clonetpsadmincert
+CLONE_TPS1_ADMIN_PASSWORD=Secret123
+CLONE_TPS1_DS_HOSTNAME=`hostname`
+CLONE_TPS1_LDAP_PORT=2900
+CLONE_TPS1_LDAP_INSTANCE_NAME=pki-clonetps1
+CLONE_TPS1_SECURE_CONN=False
+CLONE_TPS1_REMOVE_DATA=True
+CLONE_TPS1_SSL_SERVER_KEY_TYPE=rsa
+CLONE_TPS1_SSL_SERVER_KEY_SIZE=2048
+CLONE_TPS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA
+CLONE_TPS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA
+CLONE_TPS1_SSL_SERVER_TOKEN=Internal
+CLONE_TPS1_SSL_SERVER_NICKNAME=cloneca1sslservercert
+CLONE_TPS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat"
+CLONE_TPS1_SERVER_KEYGEN=True
+##### End of CLONE_TPS1 params ######
+
##### CLONE2 generic params #########
CLONE2_TOMCAT_INSTANCE_NAME="pki-clone2"
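Review bot: `CLONE_TPS1_SSL_SERVER_NICKNAME=cloneca1sslservercert` reuses a CA-clone nickname, the same value the `CLONE_TKS1_SSL_SERVER_NICKNAME` context line carries. If the clones end up in one Tomcat instance or NSS database (`CLONE_TPS1_TOMCAT_INSTANCE_NAME=clone1` suggests this may be the case, but it is not visible here), identical nicknames make it unclear which server certificate a test is exercising. A distinct value such as `clonetps1sslservercert` would be unambiguous. `CLONE_TPS1_SECURE_CONN=False` presumably leaves the clone's directory connection unencrypted; a comment stating that this is deliberate for the test topology would help.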
@@ -855,6 +930,12 @@ CLONE_TKS2_ADMIN_PASSWORD=Secret123
CLONE_TKS2_DS_HOSTNAME=localhost
######## End of CLONE_TKS2 params #######
+######MS ADCS params#######
+MS_ipaddr="10.13.129.103"
+MS_username="CORP\\Administrator"
+MS_password="Secret123"
+######End of MS ADCS params####
+
export CLONE_CA1_LDAP_INSTANCE_NAME CLONE_TKS1_LDAP_INSTANCE_NAME CLONE_OCSP1_LDAP_INSTANCE_NAME CLONE_KRA1_LDAP_INSTANCE_NAME CLONE1_GROUP_AUDIT CERTDB_DIR CERTDB_DIR_PASSWORD CLONE_CA1_TOMCAT_INSTANCE_NAME CLONE_KRA1_ADMIN_USER CLONE_KRA1_ADMIN_EMAIL CLONE_KRA1_ADMIN_DUAL_KEY CLONE_KRA1_ADMIN_KEY_SIZE CLONE_KRA1_ADMIN_KEY_TYPE CLONE_KRA1_ADMIN_SUBJECT_DN CLONE_KRA1_ADMIN_CERT_NICKNAME CLONE_ADMIN_IMPORT_CERT CLONE_KRA1_DS_HOSTNAME CLONE_KRA1_LDAP_PORT CLONE_KRA1_SECURE_CONN CLONE_KRA1_REMOVE_DATA CLONE_OCSP1_ADMIN_USER CLONE_OCSP1_ADMIN_EMAIL CLONE_OCSP1_ADMIN_DUAL_KEY CLONE_OCSP1_ADMIN_KEY_SIZE CLONE_OCSP1_ADMIN_KEY_TYPE CLONE_OCSP1_ADMIN_SUBJECT_DN CLONE_OCSP1_ADMIN_CERT_NICKNAME CLONE_OCSP1_ADMIN_PASSWORD CLONE_OCSP1_DS_HOSTNAME CLONE_OCSP1_LDAP_PORT CLONE_OCSP1_SECURE_CONN CLONE_OCSP1_REMOVE_DATA CLONE_TKS1_ADMIN_USER CLONE_TKS1_ADMIN_EMAIL CLONE_TKS1_ADMIN_DUAL_KEY CLONE_TKS1_ADMIN_KEY_SIZE CLONE_TKS1_ADMIN_KEY_TYPE CLONE_TKS1_ADMIN_SUBJECT_DN CLONE_TKS1_ADMIN_CERT_NICKNAME CLONE_TKS1_ADMIN_PASSWORD CLONE_TKS1_DS_HOSTNAME CLONE_TKS1_LDAP_PORT CLONE_TKS1_SECURE_CONN CLONE_TKS1_REMOVE_DATA ROOTCA_SUBSYSTEM_KEY_TYPE ROOTCA_SUBYSTEM_KEY_SIZE ROOTCA_SUBSYSTEM_KEY_ALGORITHM ROOTCA_SUBSYSTEM_SIGNING_ALGORITHM ROOTCA_SUBSYSTEM_TOKEN ROOTCA_SUBSYTEM_NICKNAME ROOTCA_SUBSYSTEM_SUBJECT_DN
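Review bot: `MS_username="CORP\\Administrator"` together with `MS_password` and a fixed `MS_ipaddr` places a Windows domain administrator credential for a specific host in the repository, and the next hunk exports all three to every child process of the test run. These values are better supplied by the job environment, with the MS external CA test itself failing early when they are missing, e.g. `: "${MS_password:?MS_password must be set}"` at the start of that test. If the external-CA test only needs to submit and retrieve certificate requests (not visible here), a dedicated account limited to that would reduce what a leaked value allows.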
@@ -887,3 +968,4 @@ export ROOTCA_SSL_SERVER_KEY_TYPE ROOTCA_SSL_SERVER_KEY_SIZE ROOTCA_SSL_SERVER_K
export KRA1_SSL_SERVER_KEY_TYPE CLIENT_DIR KRA1_SSL_SERVER_KEY_SIZE KRA1_SSL_SERVER_KEY_ALGORITHM KRA1_SSL_SERVER_SIGNING_ALGORITHM KRA1_SSL_SERVER_TOKEN KRA1_SSL_SERVER_NICKNAME KRA1_SSL_SERVER_CERT_SUBJECT_NAME KRA2_SSL_SERVER_KEY_TYPE KRA2_SSL_SERVER_KEY_SIZE KRA2_SSL_SERVER_KEY_ALGORITHM KRA2_SSL_SERVER_SIGNING_ALGORITHM KRA2_SSL_SERVER_TOKEN KRA2_SSL_SERVER_NICKNAME KRA2_SSL_SERVER_CERT_SUBJECT_NAME KRA3_SSL_SERVER_KEY_TYPE KRA3_SSL_SERVER_KEY_SIZE KRA3_SSL_SERVER_KEY_ALGORITHM KRA3_SSL_SERVER_SIGNING_ALGORITHM KRA3_SSL_SERVER_TOKEN KRA3_SSL_SERVER_NICKNAME KRA3_SSL_SERVER_CERT_SUBJECT_NAME OCSP1_SSL_SERVER_KEY_TYPE OCSP1_SSL_SERVER_KEY_SIZE OCSP1_SSL_SERVER_KEY_ALGORITHM OCSP1_SSL_SERVER_SIGNING_ALGORITHM OCSP1_SSL_SERVER_TOKEN OCSP1_SSL_SERVER_NICKNAME OCSP1_SSL_SERVER_CERT_SUBJECT_NAME OCSP2_SSL_SERVER_KEY_TYPE OCSP2_SSL_SERVER_KEY_SIZE OCSP2_SSL_SERVER_KEY_ALGORITHM OCSP2_SSL_SERVER_SIGNING_ALGORITHM OCSP2_SSL_SERVER_TOKEN OCSP2_SSL_SERVER_NICKNAME OCSP2_SSL_SERVER_CERT_SUBJECT_NAME OCSP3_SSL_SERVER_KEY_TYPE OCSP3_SSL_SERVER_KEY_SIZE OCSP3_SSL_SERVER_KEY_ALGORITHM OCSP3_SSL_SERVER_SIGNING_ALGORITHM OCSP3_SSL_SERVER_TOKEN OCSP3_SSL_SERVER_NICKNAME OCSP3_SSL_SERVER_CERT_SUBJECT_NAME TKS1_SSL_SERVER_KEY_TYPE TKS1_SSL_SERVER_KEY_SIZE TKS1_SSL_SERVER_KEY_ALGORITHM TKS1_SSL_SERVER_SIGNING_ALGORITHM TKS1_SSL_SERVER_TOKEN TKS1_SSL_SERVER_NICKNAME TKS1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_CA1_SSL_SERVER_KEY_TYPE CLONE_CA1_SSL_SERVER_KEY_SIZE CLONE_CA1_SSL_SERVER_KEY_ALGORITHM CLONE_CA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_CA1_SSL_SERVER_TOKEN CLONE_CA1_SSL_SERVER_NICKNAME CLONE_CA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_KRA1_SSL_SERVER_KEY_TYPE CLONE_KRA1_SSL_SERVER_KEY_SIZE CLONE_KRA1_SSL_SERVER_KEY_ALGORITHM CLONE_KRA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_KRA1_SSL_SERVER_TOKEN CLONE_KRA1_SSL_SERVER_NICKNAME CLONE_KRA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_OCSP1_SSL_SERVER_KEY_TYPE CLONE_OCSP1_SSL_SERVER_KEY_SIZE CLONE_OCSP1_SSL_SERVER_KEY_ALGORITHM 
CLONE_OCSP1_SSL_SERVER_SIGNING_ALGORITHM CLONE_OCSP1_SSL_SERVER_TOKEN CLONE_OCSP1_SSL_SERVER_NICKNAME CLONE_OCSP1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_TKS1_SSL_SERVER_KEY_TYPE CLONE_TKS1_SSL_SERVER_KEY_SIZE CLONE_TKS1_SSL_SERVER_KEY_ALGORITHM CLONE_TKS1_SSL_SERVER_SIGNING_ALGORITHM CLONE_TKS1_SSL_SERVER_TOKEN CLONE_TKS1_SSL_SERVER_NICKNAME CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME
+export MS_ipaddr MS_username MS_password
diff --git a/tests/dogtag/shared/pki-cert-cli-lib.sh b/tests/dogtag/shared/pki-cert-cli-lib.sh
index ca9f160d9..0a20e0852 100755
--- a/tests/dogtag/shared/pki-cert-cli-lib.sh
+++ b/tests/dogtag/shared/pki-cert-cli-lib.sh
@@ -347,6 +347,21 @@ create_new_cert_request()
return 1
fi
fi
+ if [ "$request_type" == "crmfdual" ] && [ "$archive" == "true" ];then
+ rlLog "PWD=$PWD"
+ rlLog "Get Transport Cert"
+ rlRun "cat $CA_SERVER_ROOT/conf/CS.cfg | grep ca.connector.KRA.transportCert | awk -F \"=\" '{print \$2}' > transport.txt"
+ rlRun "set_newjavapath \":./:/usr/lib/java/jss4.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/apache-commons-codec.jar:/opt/rhqa_pki/jars/pki-qe-tools.jar:\"" 0 "Setting Java CLASSPATH"
+ rlRun "source /opt/rhqa_pki/env.sh" 0 "Set Environment Variables"
+ rlLog "Executing generateDualCRMFRequest"
+ rlLog "java -cp $CLASSPATH generateDualCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file -transport_cert_file transport.txt 1> $dir/crmf.out"
+ rlRun "java -cp $CLASSPATH generateDualCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file -transport_cert_file transport.txt 1> $dir/crmf.out"
+ RETVAL=$?
+ if [ $RETVAL != 0 ]; then
+ rlFail "CRMFPopClient Failed"
+ return 1
+ fi
+ fi
#### Strip headers from request, Note for CRMF requests Our class doesn't generate the headers
if [ "$request_type" == "pkcs10" ] || [ "$archive" == "false" ]; then
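Review bot: The added `rlLog "java -cp ... -client_certdb_pwd $password ..."` line writes the NSS database password into the test journal, and the `rlRun` line puts it on the java command line as well; logging the command with the value masked (`-client_certdb_pwd ********`) keeps it out of archived logs. `$dir`, `$cert_request_file` and `$password` are expanded unquoted inside the `rlRun` string, so a value containing spaces or shell metacharacters changes the command that gets evaluated. `transport.txt` is written to the current directory rather than under `$dir`. The failure message says `CRMFPopClient Failed` although the tool run here is `generateDualCRMFRequest`. `create_new_cert_request` starts and ends outside this hunk.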
@@ -979,3 +994,55 @@ run_req_action_cert()
echo PKI_ERROR=$(cat $tmp_nss_db/pki-req-approve-out) >> $cert_info
fi
}
+##################################################################
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
+### This script generates an xml file with the certificate request
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
+generate_xml()
+{
+ cert_request_file=$1
+ cert_subject_file=$2
+ xml_profile_file=$3
+ cert_profile=$4
+ rlLog "cert_request_file=$cert_request_file"
+ rlLog "cert_subject_file=$cert_subject_file"
+ rlLog "xml_profile_file=$xml_profile_file"
+ rlLog "cert_profile=$cert_profile"
+
+ local request_type=$(cat $cert_subject_file | grep RequestType: | cut -d: -f2)
+ local subject_cn=$(cat $cert_subject_file | grep CN: | cut -d: -f2)
+ local subject_uid=$(cat $cert_subject_file | grep UID: | cut -d: -f2)
+ local subject_email=$(cat $cert_subject_file | grep Email: | cut -d: -f2)
+ local subject_ou=$(cat $cert_subject_file | grep OU: | cut -d: -f2)
+ local subject_org=$(cat $cert_subject_file | grep Org: | cut -d: -f2)
+ local subject_c=$(cat $cert_subject_file | grep Country: | cut -d: -f2)
+
+
+ if [ "$cert_profile" == "caUserCert" ] || [ "$cert_profile" == "caUserSMIMEcapCert" ] || [ "$cert_profile" == "caDualCert" ];then
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v \"$request_type\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $cert_request_file)\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v \"$subject_uid\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v \"$subject_email\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v \"$subject_cn\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v \"$subject_ou\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v \"$subject_org\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v \"$subject_c\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v \"$subject_cn\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v \"$subject_email\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $xml_profile_file"
+ fi
+
+ if [ "$cert_profile" != "CaDualCert" ] && \
+ [ "$cert_profile" != "caDirPinUserCert" ] && \
+ [ "$cert_profile" != "caDirUserCert" ] && \
+ [ "$cert_profile" != "caECDirUserCert" ] && \
+ [ "$cert_profile" != "caAgentServerCert" ] && \
+ [ "$cert_profile" != "caUserCert" ] &&
+ [ "$cert_profile" != "caUserSMIMEcapCert" ]; then
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v \"$request_type\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $cert_request_file)\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v \"$subject_cn\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v \"$subject_email\" $xml_profile_file"
+ rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $xml_profile_file"
+ fi
+}
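Review bot: The second `if` in generate_xml excludes `"CaDualCert"` with a capital C, while the first block matches `"caDualCert"`, so a `caDualCert` request passes both conditions and the `cert_request_type`, `cert_request` and `requestor_*` updates run twice. The exclusion should read `[ "$cert_profile" != "caDualCert" ] && \`. The four argument variables (`cert_request_file`, `cert_subject_file`, `xml_profile_file`, `cert_profile`) are assigned without `local`, unlike the `subject_*` values below them, so they stay set in the caller's shell. The subject fields and `$(cat -v $cert_request_file)` are expanded into a string that `rlRun` then evaluates, so a value containing a double quote or `$` would be re-parsed by the shell; building the `xmlstarlet` arguments from quoted variables is safer.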
diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh
index a1398d450..974bba9ee 100755
--- a/tests/dogtag/shared/rhcs-shared.sh
+++ b/tests/dogtag/shared/rhcs-shared.sh
@@ -825,7 +825,6 @@ local DOMAIN=$(hostname)
echo -e "memberUid: idmuser$COUNT"
COUNT=`expr $COUNT + 1`
done
-
}
#################################################################
@@ -836,8 +835,8 @@ gen_enroll_data_file()
{
tps_host=$1
tps_port=$2
- cuid=$3
- ldap_user=$4
+ tokenid=$3
+ ldapuser=$4
ldap_userpwd=$5
data_file=$6
new_pin="redhat"
@@ -845,23 +844,23 @@ gen_enroll_data_file()
echo "op=var_set name=ra_host value=$tps_host" > $data_file
echo "op=var_set name=ra_port value=$tps_port" >> $data_file
echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file
- echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
+ echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file
echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file
echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file
- echo "op=ra_enroll uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
+ echo "op=ra_enroll uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
echo "op=exit" >> $data_file
}
############################################################################################################
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
-### This script creates a tpsclient format file
+### This script createa a tpsclient format file
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
gen_format_data_file()
{
tps_host=$1
tps_port=$2
- cuid=$3
- ldap_user=$4
+ tokenid=$3
+ ldapuser=$4
ldap_userpwd=$5
data_file=$6
new_pin="redhat"
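Review bot: The header comment for gen_format_data_file is changed to read `createa`; the previous wording was correct and should stay as `### This script creates a tpsclient format file`. The renamed `tokenid` and `ldapuser` are still plain assignments, so they remain global after the call, as do `tps_host`, `tps_port`, `ldap_userpwd`, `data_file` and `new_pin`. If the rename is meant to stop these helpers overwriting a caller's `cuid` or `ldap_user` (an inference, the callers are not visible here), `local tokenid=$3` and `local ldapuser=$4` achieve that without depending on the choice of name. The same applies to gen_enroll_data_file and gen_pin_reset_data_file in the neighbouring hunks.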
@@ -869,11 +868,11 @@ gen_format_data_file()
echo "op=var_set name=ra_host value=$tps_host" > $data_file
echo "op=var_set name=ra_port value=$tps_port" >> $data_file
echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file
- echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
+ echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file
echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file
echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file
- echo "op=ra_format uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
+ echo "op=ra_format uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1 extensions=tokenType=userKey" >> $data_file
echo "op=exit" >> $data_file
}
############################################################################################################
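Review bot: The `op=ra_format` line now always carries `extensions=tokenType=userKey`, but gen_format_data_file takes no argument for it and its header comment does not mention it, so a test that needs another token type has to bypass the helper. A comment above the `echo`, such as `# format always requests the userKey token type`, would record the intent. The generated file also holds `pwd=$ldap_userpwd` and the token keys at whatever permissions the umask gives; `chmod 600 "$data_file"` after the first `echo` is worth adding if the test hosts are shared.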
@@ -884,8 +883,8 @@ gen_pin_reset_data_file()
{
tps_host=$1
tps_port=$2
- cuid=$3
- ldap_user=$4
+ tokenid=$3
+ ldapuser=$4
ldap_userpwd=$5
data_file=$6
new_pin="redhat"
@@ -893,12 +892,12 @@ gen_pin_reset_data_file()
echo "op=var_set name=ra_host value=$tps_host" > $data_file
echo "op=var_set name=ra_port value=$tps_port" >> $data_file
echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file
- echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
+ echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file
echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file
echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file
echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file
- echo "op=ra_reset_pin uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
+ echo "op=ra_reset_pin uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file
echo "op=exit" >> $data_file
}
#################################################################
-
+
diff --git a/tests/dogtag/topologies.sh b/tests/dogtag/topologies.sh
index 34af25c73..21831982f 100755
--- a/tests/dogtag/topologies.sh
+++ b/tests/dogtag/topologies.sh
@@ -134,34 +134,37 @@ run_rhcs_install_set_vars()
############################################################
run_rhcs_install_quickinstall()
-{
+{
rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA"
- rlLog "QuickInstall - run_rhcs_install_quickinstall"
- local BEAKERMASTER=$MASTER
- local number=3
- local TKS_number=1
- local CA=ROOTCA
+ rlLog "QuickInstall - run_rhcs_install_quickinstall"
+ local BEAKERMASTER=$MASTER
+ local number=3
+ local TKS_number=1
+ local TPS_number=1
+ local CA=ROOTCA
local CLONE_number=1
- local SUBCA_number=1
- local MASTER_KRA=KRA3
- local MASTER_OCSP=OCSP3
- run_rhcs_install_packages
+ local SUBCA_number=1
+ local MASTER_KRA=KRA3
+ local MASTER_OCSP=OCSP3
+ local MASTER_TKS=TKS1
+ run_rhcs_install_packages
run_install_subsystem_RootCA
run_install_subsystem_kra $number $BEAKERMASTER $CA
run_install_subsystem_ocsp $number $BEAKERMASTER $CA
run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+ run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS
run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA
run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA
#run_install_subsystem_cloneOCSP $CLONE_number $BEAKERMASTER $CA $MASTER_OCSP
run_install_subsystem_cloneTKS $CLONE_number $BEAKERMASTER $CA
- run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA
- run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12"
- run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12"
+ #run_install_subsystem_cloneTPS $CLONE_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS
+ run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA
+ run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12"
+ run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12"
- rlPhaseEnd
+ rlPhaseEnd
}
-
#######Topology 1#######
#SubCA1 - RootCA - Clone CA1
# (H3) (H1) (H2)
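Review bot: The line `#run_install_subsystem_cloneTPS $CLONE_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS` is added already commented out, with nothing saying why the clone step is disabled or when it should be enabled. Either leave it out until it works or put the reason on the line above, e.g. `# cloneTPS disabled: <reason / tracking ticket>`. Most of the removed and added pairs in this hunk differ only in whitespace, which hides the three functional additions (`TPS_number`, `MASTER_TKS`, `run_install_subsystem_tps`); a separate whitespace commit would make the change easier to review.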
@@ -725,27 +728,27 @@ run_rhcs_install_topo_8()
}
-
-
-
run_rhcs_install_topo_9()
{
- rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA"
- rlLog "QuickInstall - run_rhcs_install_quickinstall"
+ rlPhaseStartTest "run_rhcs_install_topo9 - Install Master, Clone and SUBCA"
+ rlLog "In topo9"
local BEAKERMASTER=$MASTER
local number=3
local TKS_number=1
+ local TPS_number=1
local CA=ROOTCA
local CLONE_number=1
local SUBCA_number=1
local MASTER_KRA=KRA3
local MASTER_OCSP=OCSP3
- run_rhcs_edit_env
+ local MASTER_TKS=TKS1
+ run_rhcs_edit_env
run_rhcs_install_packages
run_install_subsystem_RootCA
run_install_subsystem_kra $number $BEAKERMASTER $CA
run_install_subsystem_ocsp $number $BEAKERMASTER $CA
run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+ run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS
run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA
run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA
#run_install_subsystem_cloneOCSP $CLONE_number $BEAKERMASTER $CA $MASTER_OCSP
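Review bot: The new phase name `run_rhcs_install_topo9` does not match the function name `run_rhcs_install_topo_9`, so searching the test log for the function name misses this phase; `rlPhaseStartTest "run_rhcs_install_topo_9 - Install Master, Clone and SUBCA"` keeps the two aligned. `run_rhcs_edit_env` is called while this phase is open and, as the next hunk shows, it opens its own `rlPhaseStartTest`; it is worth confirming that the beakerlib version in use handles a phase started inside another. The function body continues past the end of this hunk.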
@@ -759,39 +762,52 @@ run_rhcs_install_topo_9()
run_rhcs_edit_env ()
{
rlPhaseStartTest "run_rhcs_edit_env - edit env.sh for different tomcat instances for every subsystem"
- sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
- sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TPS1_TOMCAT_INSTANCE_NAME=\).*/\1roottps/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TPS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetps1/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TPS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TPS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TPS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TPS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TPS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TPS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(TPS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ sed -i 's/^\(CLONE_TPS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh
+ . /opt/rhqa_pki/env.sh
rlPhaseEnd
}
+
+
######### Routine to get subsystem IDs ########
get_rhcs_subsystem_id()
{
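Review bot: Every port in run_rhcs_edit_env is drawn independently with `$[($RANDOM % 2001) + 30000]`, and with the TPS lines there are now 32 draws from 2001 values, so by a birthday estimate about one run in five gives two settings the same port. If these instances share a host, as the `$BEAKERMASTER` arguments in topo_9 suggest, that shows up as an intermittent install failure rather than a clear error. Drawing the ports in a loop that rejects values already handed out removes the collisions and replaces the 32 near-identical `sed` lines; `$[ ]` is also the deprecated spelling of `$(( ))`. The sketch below still does not check that a port is free on the host.

```shell
run_rhcs_edit_env ()
{
    # … unchanged: rlPhaseStartTest and the *_TOMCAT_INSTANCE_NAME edits …
    local env_file=/opt/rhqa_pki/env.sh
    local used_ports=" "
    local subsystem kind port
    for subsystem in KRA3 OCSP3 TKS1 TPS1 CLONE_KRA1 CLONE_OCSP1 CLONE_TKS1 CLONE_TPS1; do
        for kind in SECURE_PORT UNSECURE_PORT AJP_PORT TOMCAT_SERVER_PORT; do
            # redraw until the port has not already been assigned in this run
            port=$(( (RANDOM % 2001) + 30000 ))
            while [[ "$used_ports" == *" $port "* ]]; do
                port=$(( (RANDOM % 2001) + 30000 ))
            done
            used_ports+="$port "
            sed -i "s/^\(${subsystem}_${kind}=\).*/\1${port}/" "$env_file"
        done
    done
    # … unchanged: ". /opt/rhqa_pki/env.sh" and rlPhaseEnd …
```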