author | Roshni Pattath <rpattath@redhat.com> | 2015-04-20 12:38:00 -0400 |
---|---|---|
committer | Roshni Pattath <rpattath@redhat.com> | 2015-04-20 12:39:36 -0400 |
commit | 35a946e1b1a8f8c7e27891f5c4a3845212f49251 (patch) | |
tree | 08984e9f33be27e6033675d04033dd13064a4b28 /tests | |
parent | 4e7c48121aed229e21302e0b8a0c3096b3e851bd (diff) | |
TPS Legacy tests
TPS Legacy tests, TPS install tests, MS CA external CA test and other changes to install tests
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/dogtag/Makefile | 18 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh | 88 | ||||
-rw-r--r-- | tests/dogtag/acceptance/install-tests/ca-installer.sh | 461 | ||||
-rw-r--r-- | tests/dogtag/acceptance/install-tests/kra-installer.sh | 160 | ||||
-rw-r--r-- | tests/dogtag/acceptance/install-tests/ocsp-installer.sh | 160 | ||||
-rw-r--r-- | tests/dogtag/acceptance/install-tests/tks-installer.sh | 163 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/install-tests/tps-installer.sh | 242 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh | 5703 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh | 559 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/quickinstall/rhcs-install.sh | 161 | ||||
-rwxr-xr-x | tests/dogtag/runtest.sh | 369 | ||||
-rw-r--r-- | tests/dogtag/shared/env.sh | 82 | ||||
-rwxr-xr-x | tests/dogtag/shared/pki-cert-cli-lib.sh | 67 | ||||
-rwxr-xr-x | tests/dogtag/shared/rhcs-shared.sh | 29 | ||||
-rwxr-xr-x | tests/dogtag/topologies.sh | 118 |
15 files changed, 7864 insertions, 516 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 74c5fa355..182db1e8e 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -275,8 +275,8 @@ build: $(BUILT_FILES)
  chmod a+x ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh
  chmod a+x ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh
  chmod a+x ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh
- chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
  chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
+ chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
  chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
  chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
  chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
@@ -287,13 +287,15 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh chmod a+x ./acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh chmod a+x ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh - chmod a+x ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh - chmod a+x ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh - chmod a+x ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh + chmod a+x ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh chmod a+x ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh + chmod a+x ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh + chmod a+x ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh + chmod a+x ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh chmod a+x ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh - chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh chmod a+x ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh + chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh + chmod a+x ./acceptance/legacy/tps-tests/tps-enrollments.sh # bug verifications chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh @@ -304,6 +306,12 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1133718.sh chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1040640.sh chmod a+x ./acceptance/bugzilla/pki-core-bugs/bug-790924.sh + #installer tests + chmod a+x ./acceptance/install-tests/ca-installer.sh + chmod a+x ./acceptance/install-tests/kra-installer.sh + chmod a+x ./acceptance/install-tests/ocsp-installer.sh + chmod a+x ./acceptance/install-tests/tks-installer.sh + chmod a+x ./acceptance/install-tests/tps-installer.sh clean: rm -f *~ $(BUILT_FILES) diff --git a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh index dd581b960..ee1ad3c8a 100755 
--- a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh 
@@ -66,39 +66,41 @@ else fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) - eval ${subsystemId}_adminV_user=${subsystemId}_adminV -eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert -eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password -eval ${subsystemId}_adminR_user=${subsystemId}_adminR -eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert -eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password -eval ${subsystemId}_adminE_user=${subsystemId}_adminE -eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert -eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password -eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA -eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA -eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password -eval ${subsystemId}_agentV_user=${subsystemId}_agentV -eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert -eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password -eval ${subsystemId}_agentR_user=${subsystemId}_agentR -eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert -eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password -eval ${subsystemId}_agentE_user=${subsystemId}_agentE -eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert -eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password -eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA -eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA -eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password -eval ${subsystemId}_auditV_user=${subsystemId}_auditV -eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert -eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password -eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV -eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password -eval 
${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert + eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert + eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password + eval ${subsystemId}_adminR_user=${subsystemId}_adminR + eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert + eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password + eval ${subsystemId}_adminE_user=${subsystemId}_adminE + eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert + eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password + eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA + eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA + eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password + eval ${subsystemId}_agentV_user=${subsystemId}_agentV + eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert + eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password + eval ${subsystemId}_agentR_user=${subsystemId}_agentR + eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert + eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password + eval ${subsystemId}_agentE_user=${subsystemId}_agentE + eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert + eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password + eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA + eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA + eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password + eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password + eval ${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert -export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user 
${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUT${subsystemId}_user ${subsystemId}_auditV_user ${subsystemId}_operatorV_user + export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user ${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUTCA_user ${subsystemId}_operatorV_user +if [ $SUBSYSTEM_TYPE != "tps" ] ; then + eval ${subsystemId}_auditV_user=${subsystemId}_auditV + eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert + eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password + export ${subsystemId}_auditV_user +fi ###################################################################### rlPhaseStartSetup "create-role-user-startup: Create temp directory and import CA agent cert into a nss certificate db and trust CA root cert" 
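Review bot: The new guard `if [ $SUBSYSTEM_TYPE != "tps" ] ; then` leaves `$SUBSYSTEM_TYPE` unquoted, so an empty or unset value makes `[` error out and the audit user is silently left undefined; write `if [ "$SUBSYSTEM_TYPE" != "tps" ] ; then`, matching the quoted form the file already uses in the `agent_group_name` branch. The same unquoted test is added in the hunk at -119. For TPS, `${subsystemId}_auditV_user` is now never set, yet the conditions rewritten in the hunks at -192 and -247 still expand `$(eval echo \$${subsystemId}_auditV_user)` unquoted, which degenerates to `[ $userid = ]` and prints a test error for any user that reaches that comparison. Quoting both operands there (`[ "$userid" = "$(eval echo ...)" ]`) keeps the comparison well-formed when the variable is empty.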
@@ -119,7 +121,11 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi rlPhaseEnd rlPhaseStartSetup "Creating user and add user to the group" - user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password)) + if [ $SUBSYSTEM_TYPE = "tps" ] ; then + user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) 
$(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password)) + else + user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo 
\$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password)) + fi i=0 while [ $i -lt ${#user[@]} ] ; do userid=${user[$i]} @@ -164,7 +170,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi agent_group_name="Token Key Service Manager Agents" elif [ "$SUBSYSTEM_TYPE" = "tps" ] ; then #### Enter correct TPS agent group #### - agent_group_name="TPS Manager Agents" + agent_group_name="TPS Agents" fi rlRun "pki -d $CERTDB_DIR \ -n \"$admin_cert_nickname\" \ 
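Review bot: The two `user=(...)` assignments added in the hunk at -119 differ only in the three `auditV` entries, so the 27 shared `$(eval echo ...)` expansions are now maintained twice and can drift apart. Each element is also produced by an unquoted `eval echo`, which word-splits and globs the full names and passwords it is copying. Building the list once from the role names, with `auditV` added only for non-TPS subsystems and bash indirect expansion instead of `eval`, keeps the same element order (user, fullName, password per role, `operatorV` last). The loop that consumes the array continues outside the hunk, so the ordering assumption should be confirmed there.

```shell
roles="adminV adminR adminE adminUTCA agentV agentR agentE agentUTCA"
if [ "$SUBSYSTEM_TYPE" != "tps" ] ; then
        roles="$roles auditV"
fi
roles="$roles operatorV"
user=()
for role in $roles ; do
        for field in user fullName password ; do
                ref="${subsystemId}_${role}_${field}"
                user+=("${!ref}")
        done
done
# … unchanged: i=0 and the while loop over ${user[@]} …
```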
@@ -192,23 +198,27 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" elif [ $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then + if [ "$SUBSYSTEM_TYPE" = "tps" ] ; then + operator_group_name="TPS Operators" + else + operator_group_name="Trusted Managers" + fi rlRun "pki -d $CERTDB_DIR \ -n \"$admin_cert_nickname\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - group-member-add \"Trusted Managers\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ + group-member-add \"$operator_group_name\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ 0 \ - "Add user $userid to Trusted Managers group" + "Add user $userid to $operator_group_name group" rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" fi #================# - - if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_adminE_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_agentE_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then + if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo 
\$${subsystemId}_operatorV_user) ]; then if [ "$MYROLE" = "MASTER" ]; then - get_topo_stack MASTER $TmpDir/topo_file + get_topo_stack $MYROLE $TmpDir/topo_file if [ $subsystemId = "SUBCA1" ]; then MYCAHOST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) elif [ $subsystemId = "CLONE_CA1" ]; then @@ -247,7 +257,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $userid@example.com $temp_file" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file" - if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then + if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then #cert-request-submit===== #subsystem can be ca or tps subsystem=ca diff --git a/tests/dogtag/acceptance/install-tests/ca-installer.sh b/tests/dogtag/acceptance/install-tests/ca-installer.sh index 122490e71..0544c5491 100644 --- a/tests/dogtag/acceptance/install-tests/ca-installer.sh +++ b/tests/dogtag/acceptance/install-tests/ca-installer.sh 
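Review bot: The inner condition rewritten in the hunk at -247 now lists `adminE_user` and `agentE_user`, which the old `-o` form left out, so it has become identical to the condition rewritten in the hunk at -192. If it is still nested inside that outer `if` (the code between the two hunks is not shown), it can no longer be false, and whatever branch follows it for the remaining users is dead. Should that branch be where the `*_ExpiredCert` users get a different request or validity, they would now receive ordinary certificates and the expired-certificate negative tests would stop exercising an expired cert; this needs checking against the full file. If the intent was only to replace `-o` with `||`, keep the original six operands (adminV, adminR, agentV, agentR, auditV, operatorV) in the new `[ ... ] || [ ... ]` form.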
@@ -39,23 +39,27 @@ run_rhcs_ca_installer_tests() SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) + ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + prefix=$subsystemId + CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) + admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME) elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) - prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION - prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi + if [[ $subsystemId == SUBCA* ]]; then + ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + prefix=$subsystemId + CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) + admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME) + else + ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION + prefix=ROOTCA + CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD + admin_cert_nickname=$ROOTCA_ADMIN_CERT_NICKNAME + fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) - prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) + ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) + prefix=$MYROLE + CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) + admin_cert_nickname=$(eval echo \$${MYROLE}_ADMIN_CERT_NICKNAME) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) 
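Review bot: Each new `admin_cert_nickname=$(eval echo \$${...}_ADMIN_CERT_NICKNAME)` re-parses the looked-up value through an unquoted `echo`, so a nickname containing consecutive spaces or glob characters is altered before it is stored. The file already relies on bash (`[[ ... ]]`), so indirect expansion copies the value verbatim: `ref=${subsystemId}_ADMIN_CERT_NICKNAME; admin_cert_nickname=${!ref}`. The variable is also assigned without `local`, unlike `password` further down in the same function; if no other function reads it, declaring it `local` avoids leaking it into later tests. The function body continues outside the hunk.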
@@ -63,12 +67,11 @@ run_rhcs_ca_installer_tests() ##### Create a temporary directory to save output files ##### rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA" - + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA" run_rhcs_install_packages if [ "$prefix" = "ROOTCA" ]; then run_install_subsystem_RootCA @@ -80,9 +83,8 @@ run_rhcs_ca_installer_tests() rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" - rlLog "Uninstall CA tests" rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out - exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallCA.out" + exp_message2_3="Uninstallation complete" rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out" rlPhaseEnd @@ -98,7 +100,7 @@ run_rhcs_ca_installer_tests() rlAssertGrep "$exp_message_2" "$TmpDir/port_output_file.out" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: Cert Tests nickname configurable" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: CA certificate nickname is configurable" rlLog "Checking if the nicknames for the CA certificates are configurable" rlRun "pkispawn -s CA -f $INSTANCECFG" rlRun "certutil -L -d /var/lib/pki/$ROOTCA_TOMCAT_INSTANCE_NAME/alias > $TmpDir/cert_nicknames.out" 
@@ -115,10 +117,10 @@ run_rhcs_ca_installer_tests() rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-004: security domain parameters" - rlLog "Checking if a new security domain gets created for the CA" + rlLog "Checking if a new security domain gets created for the CA" local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d '=' -f 2) local expfile=$TmpDir/expectfile.in - rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show"" + rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show"" echo "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show"" > $expfile echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' Import CA certificate (Y/n)? \"" >> $expfile @@ -138,8 +140,8 @@ run_rhcs_ca_installer_tests() exp_messg1_4="Port: $(eval echo \$${prefix}_UNSECURE_PORT)" exp_messg1_5="Secure Port: $(eval echo \$${prefix}_SECURE_PORT)" exp_messg1_6="Domain Manager: TRUE" - rlLog "cleanup" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-005: same subject dn for two certs" 
@@ -181,7 +183,7 @@ run_rhcs_ca_installer_tests() rlAssertGrep "$exp_message_1" "$TmpDir/ldap_port_test.out" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn" rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in" rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile5.in > $TmpDir/existing_base_dn_1.out" 
@@ -190,23 +192,23 @@ run_rhcs_ca_installer_tests() exp_messg2="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)" rlAssertGrep "$exp_messg2" "$TmpDir/existing_base_dn_1.out" sed -i -e "/pki_ds_remove_data=/s/=.*/=False/g" $TmpDir/tmpconfigfile5.in - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile5.in > $TmpDir/existing_base_dn_2.out 2>&1" 1 "Should fail" exp_messg3="Installation failed." rlAssertGrep "$exp_messg3" "$TmpDir/existing_base_dn_2.out" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password" - rlRun "pkispawn -s CA -f $INSTANCECFG" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password" + rlRun "pkispawn -s CA -f $INSTANCECFG" local password=$(eval echo \$${prefix}_CLIENT_PKCS12_PASSWORD) rlRun "pk12util -l $CLIENT_DIR/$(eval echo \$${prefix}_ADMIN_CERT_NICKNAME).p12 -W $password > $TmpDir/pkcs12_password.out" exp_messg1="Friendly Name: $(eval echo \$${prefix}_ADMIN_CERT_NICKNAME)" rlAssertGrep "$exp_messg1" "$TmpDir/pkcs12_password.out" exp_messg2="$(eval echo \$${prefix}_ADMIN_CERT_SUBJECT_NAME)" rlAssertGrep "$exp_messg2" "$TmpDir/pkcs12_password.out" - #cleanup - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + #cleanup + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-010: backup keys parameter" 
@@ -217,10 +219,10 @@ run_rhcs_ca_installer_tests() exp_messg1_1="ca_backup_keys.p12" rlAssertGrep "$exp_messg1_1" "$TmpDir/ldap_backup_keys_test1.out" sed -i -e "/pki_backup_keys=/s/=.*/=False/g" $TmpDir/tmpconfigfile7.in - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile7.in" rlRun "ls /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 > $TmpDir/ldap_backup_keys_test2.out" 2 "Should Fail" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-011: backup password" 
@@ -236,30 +238,38 @@ run_rhcs_ca_installer_tests() rlAssertGrep "$exp_messg1_3" "$TmpDir/backup_passwd_test.out" exp_messg1_4="Friendly Name: $(eval echo \$${prefix}_AUDIT_SIGNING_CERT_SUBJECT_NAME)" rlAssertGrep "$exp_messg1_4" "$TmpDir/backup_passwd_test.out" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge BZ1165873" rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile9.in" rlRun "pkispawn -s CA -f $INSTANCECFG" rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 2 "Should Fail" - sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/tmpconfigfile9.in - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/tmpconfigfile9.in + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile9.in" rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 0 "Should succeed" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1165873" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters" + #two % are required for successful parsing local subjectdn="cn=rh@cs/-$%%!!,O=red^hat" rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile10.in" - sed -i -e ' pki_ca_signing_subject_dn= s =.* =cn=rh@cs -$%%!!,O=red^hat g' $TmpDir/tmpconfigfile10.in + sed -i -e 's pki_ca_signing_subject_dn=.* 
pki_ca_signing_subject_dn=cn=rh@cs/-$%%!!,O=red^hat g' $TmpDir/tmpconfigfile10.in rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile10.in > $TmpDir/subjectdn_special_char.out" #expected output & cleanup - #installs fine if two % are used but gives an error on just one % - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out" rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-014: invalid key size for certificate" @@ -270,10 +280,9 @@ run_rhcs_ca_installer_tests() rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile11.in > $TmpDir/invalid_key.out 2>&1" 1 "Should fail" exp_messg1="Installation failed." rlAssertGrep "$exp_messg1" "$TmpDir/invalid_key.out" - expected output & cleanup + #expected output & cleanup rlLog "cleanup" rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" - should give a more desciptive error rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1184" rlPhaseEnd 
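Review bot: Test 013 in the hunk at -236 now asserts only that the instance is running (`pkidaemon status tomcat`) and that uninstall completes, so it would also pass if `pkispawn` ignored or rewrote the special-character subject DN. `subjectdn` is declared but never used, and the `sed` expression hard-codes the same value; substituting the variable and adding an assertion that the CA signing certificate's subject matches it before `pkidestroy` runs would make the test check what its name says. The pattern `pki_ca_signing_subject_dn=.*` is unanchored, so it would also rewrite a commented-out setting if the config has one; prefixing it with `^` limits it to the live key. The same status-only assertions are added for test 019 in the hunk at -326, which continues past the visible text.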
@@ -312,7 +321,8 @@ run_rhcs_ca_installer_tests() rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile13.in" sed -i -e "/pki_security_domain_name=/s/=.*/=$secdomain_name/g" $TmpDir/tmpconfigfile13.in rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile13.in" - local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2) + rlRun "sleep 10" + local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2) rlRun "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias -w $password securitydomain-show > $TmpDir/long_sec_domain_name.out" exp_messg1="Domain: $secdomain_name" rlAssertGrep "$exp_messg1" "$TmpDir/long_sec_domain_name.out" 
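Review bot: The added `rlRun "sleep 10"` covers what is presumably a readiness race with a fixed delay, which slows every run and can still be too short on a loaded host. A bounded poll that retries the `securitydomain-show` call (or checks that `password.conf` exists) once per second and fails after a timeout would be deterministic. The re-indented `local password=$(grep ...)` also hides a failed `grep`, because `local` returns success, so an empty password can reach `pki -w`; use `local password` followed by `password=$(grep ...) || rlFail "internal password not found"`. The test phase continues outside the hunk.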
@@ -326,62 +336,52 @@ run_rhcs_ca_installer_tests() rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile14.in" sed -i -e "/pki_ds_password=/s/=.*/=$password/g" $TmpDir/tmpconfigfile14.in - rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile14.in > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail" + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile14.in > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail" #expected o/p and cleanup exp_messg1="ERROR: Unable to access directory server: Invalid credentials" rlAssertGrep "$exp_messg1" "$TmpDir/wrong_ds_passwd.out" rlPhaseEnd -# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user" -# local username=rhcs -# local expfile=$TmpDir/expect-test-018.out -# local expfile2=$TmpDir/expect-test-018-02.out -# local password1=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1) -# echo "spawn -noecho "passwd"" > $expfile -# echo "expect \"Changing password for user root \"" >> $expfile -# echo "expect \"New password: \"" >> $expfile -# echo "send -- \"$password1\r\"" >> $expfile -# echo "expect \"Retype new password: \"" >> $expfile -# echo "send -- \"$password1\r\"" >> $expfile -# echo "expect eof" >> $expfile -# echo "catch wait result" >> $expfile -# echo "exit [lindex \$result 3]" >> $expfile -# rlRun "/usr/bin/expect -f $expfile > $TmpDir/change_password.out 2>&1" -# rlRun "adduser $username" -# rlRun "su $username" -# rlRun "cp $INSTANCECFG /home/$username/tmpconfigfile15.in" -# rlLog "Copying config file into temp file" -# rlRun "pkispawn -s CA -f /home/$username/tmpconfigfile15.in > /home/$username/nonroot.out 2>&1" 1 "Should fail" -# exp_messg1="'/usr/sbin/pkispawn' must be run as root!" 
-# rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out" -# #expected output & cleanup -# echo "spawn -noecho "su root"" > $expfile2 -# echo "expect \"password \"" >> $expfile2 -# echo "send -- \"$password1\r\"" >> $expfile2 -# rlRun "/usr/bin/expect -f $expfile2" -# rlPhaseEnd + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user" + local username=rhcs + rlRun "useradd $username" + rlRun "cp $INSTANCECFG /home/$username/tmpconfigfile15.in" + rlRun "su -c \"pkispawn -s CA -f /home/$username/tmpconfigfile15.in > /home/$username/nonroot.out 2>&1\" $username" 1 "pkispawn as non-root user should fail" + exp_messg1="'/usr/sbin/pkispawn' must be run as root!" + rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out" + rlRun "userdel -r $username" + rlPhaseEnd + - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname" local nickname=rh@cs/-$%%!!red^hat rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile16.in" - sed -i -e ' pki_ca_signing_nickname= s =.*/=rh@cs/-$%%!!red^hat g' $TmpDir/tmpconfigfile16.in + sed -i -e 's pki_ca_signing_nickname=.* pki_ca_signing_nickname=rh@cs/-$%%!!red^hat g' $TmpDir/tmpconfigfile16.in rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile16.in > $TmpDir/subjectdn_special_char.out" + #expected output & cleanup - #ask about this, same problem as subject dn - rlLog "cleanup" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo 
\$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out" rlPhaseEnd + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-020: ds password not provided" rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile17.in" sed -i -e "/pki_ds_password=/d" $TmpDir/tmpconfigfile17.in - rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile17.in > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail" + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile17.in > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail" exp_messg1="pkispawn : ERROR A value for 'pki_ds_password' MUST be defined in '$TmpDir/tmpconfigfile17.in'" rlAssertGrep "$exp_messg1" "$TmpDir/no_ds_password.out" - expected output & cleanup + # expected output & cleanup rlPhaseEnd - + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-021: token and token password" rlRun "pkispawn -s CA -f $INSTANCECFG" local password_token=$(eval echo \$${prefix}_TOKEN_PASSWORD) 
@@ -394,53 +394,53 @@ run_rhcs_ca_installer_tests() rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin paramneters" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin parameters BZ1165875" rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile19.in" sed -i -e "/pki_admin_email=/s/=.*/=pki-ca-test/g" $TmpDir/tmpconfigfile19.in rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile19.in > $TmpDir/invalid_email.out 2>&1" 1 "Should fail" - exp_messg="Installation failed" - rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out" - rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" - ###not failing## + exp_messg="Installation failed" + rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1165875" rlPhaseEnd -# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration" -# rlLog "Copying config file into temp file" -# rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile20.in" -# sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/tmpconfigfile20.in -# rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile20.in > $TmpDir/skip_config.out" -# exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' instance" -# rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out" -# exp_messg1_2="must still be configured!" 
-# rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out" -# rlPhaseEnd -# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation" -# rlLog "Copying config file into temp file" -# rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile21.in" -# sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/tmpconfigfile21.in -# rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile21.in > $TmpDir/skip_install.out" -# exp_message1="Administrator's username: $(eval echo \$${prefix}_ADMIN_USER)" -# rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out" -# exp_message2="$(eval echo \$${prefix}_DOMAIN)" -# rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out" -# exp_message3_1="To check the status of the subsystem:" -# rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out" -# exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service" -# rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out" -# exp_message4_1="To restart the subsystem:" -# rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out" -# exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service" -# rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out" -# exp_message5="The URL for the subsystem is:" -# rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out" -# exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca" -# rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out" -# rlLog "cleanup" -# rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" -# rlPhaseEnd + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile20.in" + sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/tmpconfigfile20.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile20.in > $TmpDir/skip_config.out" + exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' 
instance" + rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out" + exp_messg1_2="must still be configured!" + rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out" + rlPhaseEnd + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile21.in" + sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/tmpconfigfile21.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile21.in > $TmpDir/skip_install.out" + exp_message1="Administrator's username: $(eval echo \$${prefix}_ADMIN_USER)" + rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out" + exp_message2="$(eval echo \$${prefix}_DOMAIN)" + rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out" + exp_message3_1="To check the status of the subsystem:" + rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out" + exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out" + exp_message4_1="To restart the subsystem:" + rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out" + exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out" + exp_message5="The URL for the subsystem is:" + rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out" + exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca" + rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out" + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running" + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running" rlLog "Copying config file into temp file" rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile22.in" rlRun "pkispawn -s CA 
-f $TmpDir/tmpconfigfile22.in > $TmpDir/install_1.out" 
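Review bot: The re-enabled test-018 creates and deletes a fixed account name (`local username=rhcs`) without checking whether it already exists. If it does, `useradd` fails, but `rlRun` carries on and `userdel -r $username` at the end removes the pre-existing account and its home directory. The test also copies `$INSTANCECFG` into that user's home; test-017 in the same hunk edits a `pki_ds_password` entry in a copy of that file, so the file carries credentials. It should be removed explicitly on every path, not only as a side effect of `userdel -r`. Record whether this test created the user and delete only in that case, as sketched below. The enclosing function starts and ends outside the hunk.

```shell
        local username=rhcs
        local created_user=0
        if ! id "$username" > /dev/null 2>&1; then
                rlRun "useradd $username" 0 "Create unprivileged test user"
                created_user=1
        fi
        # … unchanged: cp of the config, su -c pkispawn as $username, rlAssertGrep …
        # The copied config holds installer passwords; remove it on every path.
        rlRun "rm -f /home/$username/tmpconfigfile15.in /home/$username/nonroot.out"
        if [ "$created_user" -eq 1 ]; then
                rlRun "userdel -r $username"
        fi
```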
@@ -460,11 +460,218 @@ run_rhcs_ca_installer_tests() rlRun "certutil -L -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias > $TmpDir/empty_nickname.out" exp_messg1="(NULL)" rlAssertGrep "$exp_messg1" "$TmpDir/empty_nickname.out" - expected output & cleanup + #expected output & cleanup rlLog "cleanup" rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" - installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util + #installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1184" rlPhaseEnd - + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-027: Token password parameter has special characters" + token_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile27.in" + sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile27.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile27.in" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-028: Client pkcs12 password parameter has special characters" + client_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile28.in" + sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile28.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile28.in" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-029: Admin password parameter has special characters" + admin_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile29.in" + sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile29.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile29.in" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-030: Backup password parameter has special characters" + backup_password="{\&+\$\@*!%" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile30.in" + sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile30.in 
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile30.in > $TmpDir/ca30.out 2>&1" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-031: Client database password parameter has special characters" + clientdb_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile31.in" + sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile31.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile31.in" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-032: Interactive CA installation" + rlLog "Interactive pkispawn of CA" + local expfile=$TmpDir/expectfile.in + echo "set timeout 5" > $expfile + echo "set force_conservative 0" >> $expfile + echo "set send_slow {1 .1}" >> $expfile + echo "spawn -noecho pkispawn" >> $expfile + echo "expect \"Subsystem \(CA/KRA/OCSP/TKS/TPS\) \[CA\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect \"Instance 
\[pki-tomcat\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)\r\"" >> $expfile + echo "expect \"HTTP port \[8080\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_UNSECURE_PORT)\r\"" >> $expfile + echo "expect \"Secure HTTP port \[8443\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_SECURE_PORT)\r\"" >> $expfile + echo "expect \"AJP port \[8009\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_AJP_PORT)\r\"" >> $expfile + echo "expect \"Management port \[8005\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_TOMCAT_SERVER_PORT)\r\"" >> $expfile + echo "expect \"Username \[caadmin\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_ADMIN_USER)\r\"" >> $expfile + echo "expect \"Password: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_ADMIN_PASSWORD)\r\"" >> $expfile + echo "expect \"Verify password: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_ADMIN_PASSWORD)\r\"" >> $expfile + echo "expect \"Import certificate (Yes\/No) \[N\]? \"" >> $expfile + if [ $(eval echo \$${prefix}_ADMIN_IMPORT_CERT) = "False" ]; then + echo "send -- \"\r\"" >> $expfile + else + echo "send -- \"Y\r\"" >> $expfile + fi + echo "expect \"Export certificate to \[/root/.dogtag/pki-tomcat/ca_admin.cert\]: \"" >> $expfile + echo "send -- \"/root/.dogtag/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/ca_admin.cert\r\"" >> $expfile + echo "expect \"Hostname \[`hostname`\]: \"" >> $expfile + echo "send -- \"$LDAP_HOSTNAME\r\"" >> $expfile + echo "expect \"Use a secure LDAPS connection (Yes\/No\/Quit) \[N\]? 
\"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect \"Port \[389\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_LDAP_PORT)\r\"" >> $expfile + echo "expect \"Bind DN \[cn=Directory Manager\]: \"" >> $expfile + echo "send -- \"$LDAP_ROOTDN\r\"" >> $expfile + echo "expect \"Password: \"" >> $expfile + echo "send -- \"$LDAP_ROOTDNPWD\r\"" >> $expfile + echo "expect \"Base DN \[o=pki-tomcat-CA\]: \"" >> $expfile + echo "send -- \"$(eval echo \$${prefix}_DB_SUFFIX)\r\"" >> $expfile + echo "expect \"Name \[`hostname -d` Security Domain\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect \"Begin installation (Yes/No/Quit)? \"" >> $expfile + echo "send -- \"Yes\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pkispawn_ca.out 2>&1" 0 "Interactive pkispawn of CA should be successful" + rlRun "sleep 10" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-033: Security domain password parameter has special characters" + sec_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile32.in" + sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile32.in + rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile32.in" + rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out" + exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)" + rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-034: CA signed by an external CA - Dogtag Certificate" + number=1 + csr_file=$TmpDir/ca_signing.csr + certtype="Dogtag" + run_rhcs_install_packages + run_install_subsystem_RootCA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $admin_cert_nickname $SUBSYSTEM_HOST" + rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $admin_cert_nickname $SUBSYSTEM_HOST + rlRun "remove-ds.pl -f -i slapd-pki-subca${number}" 0 "SUBCA ldap instance removed" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out" + rlRun "pkidestroy -s CA -i $(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out" + rlPhaseEnd + + 
rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-035: CA signed by an external CA - Microsoft CA Certificate" + number=1 + csr_file=$TmpDir/msca_signing.csr + certtype="MSCA" + run_rhcs_install_packages + rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype" + rhcs_install_CAwithExtCA $number $csr_file $certtype + rlRun "pkidestroy -s CA -i $(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out" + rlRun "remove-ds.pl -f -i slapd-pki-subca${number}" 0 "SUBCA ldap instance removed" + rlPhaseEnd + + rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + if [ "$prefix" = "ROOTCA" ]; then + rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed" + elif [[ $subsystemId = SUBCA* ]]; then + rlRun "remove-ds.pl -f -i slapd-pki-subca1" 0 "SUBCA ldap instance removed" + fi + rlPhaseEnd } diff --git a/tests/dogtag/acceptance/install-tests/kra-installer.sh b/tests/dogtag/acceptance/install-tests/kra-installer.sh index ca172904d..07111ce31 100644 --- a/tests/dogtag/acceptance/install-tests/kra-installer.sh +++ b/tests/dogtag/acceptance/install-tests/kra-installer.sh 
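Review bot: In test-034 the added `rlLog "rhcs_install_CAwithExtCA … $CLIENT_PKCS12_PASSWORD …"` line writes the PKCS#12 password for the root CA admin certificate into the test log. That log is normally kept and shared far more widely than the key material it protects. Log the call with the secret masked, for example `rlLog "rhcs_install_CAwithExtCA $number $csr_file $certtype $ROOTCA_ADMIN_CERT_LOCATION <pkcs12 password omitted> $admin_cert_nickname $SUBSYSTEM_HOST"`. The call itself passes every argument unquoted, so an empty or space-containing password or nickname shifts the later positional parameters; quoting each one (`"$CLIENT_PKCS12_PASSWORD" "$admin_cert_nickname" "$SUBSYSTEM_HOST"`) keeps them in place. `admin_cert_nickname` is not assigned anywhere in this hunk, so confirm it is set by the caller.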
@@ -34,61 +34,179 @@ run_rhcs_kra_installer_tests() SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + if [[ $subsystemId == SUBCA* ]]; then prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION + else prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi + fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) INSTANCECFG=/tmp/kra_instance.inf ##### Create a temporary directory to save output files ##### rlPhaseStartSetup "pki_run_rhcs_kra_installer_tests: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-001: Installing and Uninstalling KRA" - local number=3 + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-001: Installing and Uninstalling KRA" + local number=3 local BEAKERMASTER=`hostname` local CA=ROOTCA run_rhcs_install_packages - run_install_subsystem_RootCA - run_install_subsystem_KRA $number $BEAKERMASTER $CA + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" - exp_message2_2="PKI Subsystem Type: (Security Domain)" + 
exp_message2_2="PKI Subsystem Type: DRM" rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" rlLog "Uninstall KRA tests" rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out - exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallKRA.out" + exp_message2_3="Uninstallation complete" rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallKRA.out" - rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-002: SSL cert parameters" cp $INSTANCECFG $TmpDir/tmpconfig1.in sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" rlRun "pkispawn -s KRA -f $TmpDir/tmpconfig1.in > $TmpDir/kra_ssl.out 2>&1" 1 "Should fail" - exp_messg3="Installation Failed." + exp_messg3="Installation failed." rlAssertGrep "$exp_messg3" "$TmpDir/kra_ssl.out" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallKRA.out" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA" + rlRun "sleep 20" rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-003: Token password parameter has special characters" + token_password="{\&+\$\@*!" 
+ INSTANCECFG_CA=/tmp/ca_instance.inf + rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA" + rlRun "sleep 20" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in" + sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in + rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile3.in" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" + exp_message2_2="PKI Subsystem Type: DRM" + rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-004: Client pkcs12 password parameter has special characters" + client_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in" + sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in + rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile4.in" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" + exp_message2_2="PKI Subsystem Type: DRM" + rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-005: Admin password parameter has special characters" + admin_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in" + sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in + rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile5.in" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" + exp_message2_2="PKI Subsystem Type: DRM" + rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-006: Backup password parameter has special characters" + backup_password="{\&+\$\@*!%" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in" + sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in + rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile6.in" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" + exp_message2_2="PKI Subsystem Type: DRM" + rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-007: Client database password parameter has special characters" + clientdb_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in" + sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in + rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile7.in" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" + exp_message2_2="PKI Subsystem Type: DRM" + rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_kra_installer_tests-008: Security domain password parameter has special characters - Ticket 668" + sec_password="{\&+\$\@*!" + rlLog "Copying KRA config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in" + sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in + rlRun "pkispawn -s KRA -f $TmpDir/tmpconfigfile8.in > $TmpDir/kra8.out 2>&1" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/kra-install.out" + exp_message2_2="PKI Subsystem Type: DRM" + rlAssertGrep "$exp_message2_2" "$TmpDir/kra-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall KRA" + rlRun "sleep 20" + rlLog "https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartSetup "pki_run_rhcs_kra_installer_tests-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlRun "remove-ds.pl -f -i slapd-pki-kra3-ldap" 0 "KRA ldap instance removed" + rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance 
removed" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA" + rlPhaseEnd } diff --git a/tests/dogtag/acceptance/install-tests/ocsp-installer.sh b/tests/dogtag/acceptance/install-tests/ocsp-installer.sh index 08b4f9b19..94c6b382d 100644 --- a/tests/dogtag/acceptance/install-tests/ocsp-installer.sh +++ b/tests/dogtag/acceptance/install-tests/ocsp-installer.sh 
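Review bot: Test-003 introduces `INSTANCECFG_CA=/tmp/ca_instance.inf` and immediately passes it to `pkispawn -s CA -f $INSTANCECFG_CA`, so a root-run installer reads a configuration file from a predictable name in a world-writable directory. The code that writes the file is outside this hunk, so how it is created is unknown here. Judging by the `pki_*_password` keys these tests edit in the KRA config, it probably carries passwords and decides what gets installed. Before using it, check that it is a regular file owned by the invoking user and not a symlink, e.g. `rlRun "[ -f $INSTANCECFG_CA ] && [ ! -L $INSTANCECFG_CA ] && [ -O $INSTANCECFG_CA ]" 0 "CA config is a regular file owned by the test user"`, or have the generator write it under the `mktemp -d` directory this function already creates. The same applies to the existing `INSTANCECFG=/tmp/kra_instance.inf`. The function body starts outside the hunk.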
@@ -34,61 +34,177 @@ run_rhcs_ocsp_installer_tests() SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + if [[ $subsystemId == SUBCA* ]]; then prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION + else prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi + fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) INSTANCECFG=/tmp/ocsp_instance.inf ##### Create a temporary directory to save output files ##### rlPhaseStartSetup "pki_run_rhcs_ocsp_installer_tests: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-001: Installing and Uninstalling OCSP" - local number=3 + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-001: Installing and Uninstalling OCSP" + local number=3 local BEAKERMASTER=`hostname` local CA=ROOTCA run_rhcs_install_packages - run_install_subsystem_RootCA - run_install_subsystem_OCSP $number $BEAKERMASTER $CA + run_install_subsystem_RootCA + run_install_subsystem_ocsp $number $BEAKERMASTER $CA rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out" exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" - exp_message2_2="PKI Subsystem Type: (Security Domain)" + 
exp_message2_2="PKI Subsystem Type: OCSP" rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" rlLog "Uninstall OCSP tests" - rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out - exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallOCSP.out" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallOCSP.out + exp_message2_3="Uninstallation complete" rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallOCSP.out" - rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-002: SSL cert parameters" cp $INSTANCECFG $TmpDir/tmpconfig1.in sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfig1.in > $TmpDir/ocsp_ssl.out 2>&1" 1 "Should fail" - exp_messg3="Installation Failed." + exp_messg3="Installation failed." rlAssertGrep "$exp_messg3" "$TmpDir/ocsp_ssl.out" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled OCSP" + rlRun "sleep 20" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA" + rlRun "sleep 20" rlPhaseEnd + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-003: Token password parameter has special characters" + token_password="{\&+\$\@*!" 
+ INSTANCECFG_CA=/tmp/ca_instance.inf + rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA" + rlRun "sleep 20" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in" + sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in + rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile3.in" + rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" + exp_message2_2="PKI Subsystem Type: OCSP" + rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-004: Client pkcs12 password parameter has special characters" + client_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in" + sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in + rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile4.in" + rlRun "pkidaemon status tomcat > $TmpDir/kra-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" + exp_message2_2="PKI Subsystem Type: OCSP" + rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-005: Admin password parameter has special characters" + admin_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in" + sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in + rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile5.in" + rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" + exp_message2_2="PKI Subsystem Type: OCSP" + rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-006: Backup password parameter has special characters" + backup_password="{\&+\$\@*!%" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in" + sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in + rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile6.in" + rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" + exp_message2_2="PKI Subsystem Type: OCSP" + rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-007: Client database password parameter has special characters" + clientdb_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in" + sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in + rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile7.in" + rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" + exp_message2_2="PKI Subsystem Type: OCSP" + rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_ocsp_installer_tests-008: Security domain password parameter has special characters - Ticket 668" + sec_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in" + sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in + rlRun "pkispawn -s OCSP -f $TmpDir/tmpconfigfile8.in > $TmpDir/ocsp8.out 2>&1" + rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/ocsp-install.out" + exp_message2_2="PKI Subsystem Type: OCSP" + rlAssertGrep "$exp_message2_2" "$TmpDir/ocsp-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s OCSP -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall OCSP" + rlRun "sleep 20" + rlLog "https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartSetup "pki_run_rhcs_ocsp_installer_tests-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlRun "remove-ds.pl -f -i slapd-pki-ocsp3-ldap" 0 "OCSP ldap instance removed" + rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance 
removed" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA" + rlPhaseEnd } diff --git a/tests/dogtag/acceptance/install-tests/tks-installer.sh b/tests/dogtag/acceptance/install-tests/tks-installer.sh index 654a2a1cd..3959f04dd 100644 --- a/tests/dogtag/acceptance/install-tests/tks-installer.sh +++ b/tests/dogtag/acceptance/install-tests/tks-installer.sh 
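Review bot: Test 004 sends the `pkidaemon status tomcat` output to `$TmpDir/kra-install.out`, but the two `rlAssertGrep` calls that follow read `$TmpDir/ocsp-install.out`. They therefore check the file left behind by test 003 and pass whether or not the OCSP instance configured with the special-character PKCS #12 password actually came up. The redirect should target the file being asserted: `rlRun "pkidaemon status tomcat > $TmpDir/ocsp-install.out"`. run_rhcs_ocsp_installer_tests begins above the hunk.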
@@ -34,61 +34,180 @@ run_rhcs_tks_installer_tests() SUBSYSTEM_TYPE=$2 MYROLE=$3 if [ "$TOPO9" = "TRUE" ] ; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) elif [ "$MYROLE" = "MASTER" ] ; then - if [[ $subsystemId == SUBCA* ]]; then - ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) + if [[ $subsystemId == SUBCA* ]]; then prefix=$subsystemId - CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) - else - ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION + else prefix=ROOTCA - CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD - fi + fi else - ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION) prefix=$MYROLE - CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD) fi SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) INSTANCECFG=/tmp/tks_instance.inf ##### Create a temporary directory to save output files ##### rlPhaseStartSetup "pki_run_rhcs_tks_installer_tests: Create temporary directory" - rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" rlPhaseEnd - rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-001: Installing and Uninstalling TKS" - local number=3 + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-001: Installing and Uninstalling TKS" + local number=1 local BEAKERMASTER=`hostname` local CA=ROOTCA run_rhcs_install_packages - run_install_subsystem_RootCA - run_install_subsystem_TKS $number $BEAKERMASTER $CA + run_install_subsystem_RootCA + run_install_subsystem_tks $number $BEAKERMASTER $CA rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" - exp_message2_2="PKI Subsystem Type: (Security Domain)" + 
exp_message2_2="PKI Subsystem Type: TKS" rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" rlLog "Uninstall TKS tests" - rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallKRA.out - exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallTKS.out" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTKS.out + exp_message2_3="Uninstallation complete" rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTKS.out" - rlPhaseEnd rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-002: SSL cert parameters" cp $INSTANCECFG $TmpDir/tmpconfig1.in sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in + rlRun "sleep 5" rlRun "pkispawn -s TKS -f $TmpDir/tmpconfig1.in > $TmpDir/tks_ssl.out 2>&1" 1 "Should fail" - exp_messg3="Installation Failed." + exp_messg3="Installation failed." rlAssertGrep "$exp_messg3" "$TmpDir/tks_ssl.out" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTKS.out + exp_message2_3="Uninstallation complete" + rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTKS.out" + rlRun "sleep 20" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA" + rlRun "sleep 20" rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-003: Token password parameter has special characters" + token_password="{\&+\$\@*!" 
+ INSTANCECFG_CA=/tmp/ca_instance.inf + rlRun "pkispawn -s CA -f $INSTANCECFG_CA" 0 "Install CA" + rlRun "sleep 20" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in" + sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in + rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile3.in" + rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" + exp_message2_2="PKI Subsystem Type: TKS" + rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-004: Client pkcs12 password parameter has special characters" + client_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in" + sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in + rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile4.in" + rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" + exp_message2_2="PKI Subsystem Type: TKS" + rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-005: Admin password parameter has special characters" + admin_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in" + sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in + rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile5.in" + rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" + exp_message2_2="PKI Subsystem Type: TKS" + rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-006: Backup password parameter has special characters" + backup_password="{\&+\$\@*!%" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in" + sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in + rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile6.in" + rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" + exp_message2_2="PKI Subsystem Type: TKS" + rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-007: Client database password parameter has special characters" + clientdb_password="{\&+\$\@*!" 
+ rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in" + sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in + rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile7.in" + rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" + exp_message2_2="PKI Subsystem Type: TKS" + rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS" + rlRun "sleep 20" + rlPhaseEnd + + rlPhaseStartTest "pki_run_rhcs_tks_installer_tests-008: Security domain password parameter has special characters - Ticket 668" + sec_password="{\&+\$\@*!" + rlLog "Copying config file into temp file" + rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in" + sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in + rlRun "pkispawn -s TKS -f $TmpDir/tmpconfigfile8.in > $TmpDir/tks8.out 2>&1" + rlRun "pkidaemon status tomcat > $TmpDir/tks-install.out" + exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" + rlAssertGrep "$exp_message2_1" "$TmpDir/tks-install.out" + exp_message2_2="PKI Subsystem Type: TKS" + rlAssertGrep "$exp_message2_2" "$TmpDir/tks-install.out" + #expected output & cleanup + rlLog "cleanup" + rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TKS" + rlRun "sleep 20" + rlLog "https://fedorahosted.org/pki/ticket/668" + rlPhaseEnd + + rlPhaseStartSetup "pki_run_rhcs_tks_installer_tests-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlRun "remove-ds.pl -f -i slapd-pki-tks1-ldap" 0 "TKS ldap instance removed" + rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance 
removed" + rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA" + rlPhaseEnd } diff --git a/tests/dogtag/acceptance/install-tests/tps-installer.sh b/tests/dogtag/acceptance/install-tests/tps-installer.sh new file mode 100755 index 000000000..28f90aca2 --- /dev/null +++ b/tests/dogtag/acceptance/install-tests/tps-installer.sh 
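Review bot: Every added phase resolves the instance name with `$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)`, which runs `eval` over a string built from the function's positional arguments and repeats the lookup at least twice per test. Bash indirect expansion gives the same value without a second round of shell parsing. Resolve it once after `prefix` is set, with `inst_var="${prefix}_TOMCAT_INSTANCE_NAME"` and `instance_name="${!inst_var}"`, then use `$instance_name` in the `exp_message2_1` strings and the `pkidestroy` calls. The same pattern is in the ocsp-installer.sh and tps-installer.sh hunks. run_rhcs_tks_installer_tests starts above the hunk, so the first argument assignment is not visible here.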
@@ -0,0 +1,242 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/installer-tests/tps-installer.sh
+# Description: PKI TPS Installer Test
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Include files
+. ./acceptance/quickinstall/rhcs-set-time.sh
+. ./acceptance/quickinstall/rhcs-install.sh
+. ./acceptance/quickinstall/rhcs-install-lib.sh
+. /opt/rhqa_pki/env.sh
+run_rhcs_tps_installer_tests()
+{
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$subsystemId
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ prefix=$subsystemId
+ else
+ prefix=ROOTCA
+ fi
+ else
+ prefix=$MYROLE
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ INSTANCECFG=/tmp/tps_instance.inf
+ ##### Create a temporary directory to save output files #####
+ rlPhaseStartSetup "pki_run_rhcs_tps_installer_tests: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-001: Installing and Uninstalling TPS BZ1188331"
+ local number=3
+ local BEAKERMASTER=`hostname`
+ local CA=ROOTCA
+ local KRA=KRA3
+ local TKS=TKS1
+ local TKS_number=1
+ local TPS_number=1
+ run_rhcs_install_packages
+ run_install_subsystem_RootCA
+ run_install_subsystem_kra $number $BEAKERMASTER $CA
+ run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA
+ run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $KRA $TKS
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: tps"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ rlLog "Uninstall TPS tests"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTPS.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTPS.out"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-002: Server side keygen is set to false, installation successful BZ1188331"
+ cp $INSTANCECFG $TmpDir/tmpconfig2.in
+ sed -i -e "/pki_enable_server_side_keygen=/s/=.*/=False/g" $TmpDir/tmpconfig2.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_kra_uri/d" $TmpDir/tmpconfig2.in
+ rlRun "sleep 5"
+ rlRun "pkispawn -s TPS -v -f $TmpDir/tmpconfig2.in > $TmpDir/tps_keygen.out 2>&1" 0 "Should pass"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ rlLog "Uninstall TPS tests"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallTPS.out
+ exp_message2_3="Uninstallation complete"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallTPS.out"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-003: Token password parameter has special characters BZ1188331"
+ token_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile3.in"
+ sed -i -e "/pki_token_password=/s/=.*/=$token_password/g" $TmpDir/tmpconfigfile3.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile3.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-004: Client pkcs12 password parameter has special characters BZ1188331"
+ client_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile4.in"
+ sed -i -e "/pki_client_pkcs12_password=/s/=.*/=$client_password/g" $TmpDir/tmpconfigfile4.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile4.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-005: Admin password parameter has special characters BZ1188331"
+ admin_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile5.in"
+ sed -i -e "/pki_admin_password=/s/=.*/=$admin_password/g" $TmpDir/tmpconfigfile5.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile5.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-006: Backup password parameter has special characters BZ1188331"
+ backup_password="{\&+\$\@*!%"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile6.in"
+ sed -i -e "/pki_backup_password=/s/=.*/=$backup_password/g" $TmpDir/tmpconfigfile6.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile6.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-007: Client database password parameter has special characters BZ1188331"
+ clientdb_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile7.in"
+ sed -i -e "/pki_client_database_password=/s/=.*/=$clientdb_password/g" $TmpDir/tmpconfigfile7.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile7.in"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1188331"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-008: Security domain password parameter has special characters - Ticket 668"
+ sec_password="{\&+\$\@*!"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile8.in"
+ sed -i -e "/pki_security_domain_password=/s/=.*/=$sec_password/g" $TmpDir/tmpconfigfile8.in
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfigfile8.in > $TmpDir/tps8.out 2>&1"
+ rlRun "pkidaemon status tomcat > $TmpDir/tps-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/tps-install.out"
+ exp_message2_2="PKI Subsystem Type: TPS"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/tps-install.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Unistall TPS"
+ rlRun "sleep 20"
+ rlLog "https://fedorahosted.org/pki/ticket/668"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_run_rhcs_tps_installer_tests-009: SSL cert parameters"
+ cp $INSTANCECFG $TmpDir/tmpconfig1.in
+ sed -i -e "/pki_ssl_server_key_type/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_token/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_signing_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_key_algorithm/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_key_size/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_nickname/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ sed -i -e "/pki_ssl_server_subject_dn/d" $TmpDir/tmpconfig1.in
+ rlRun "sleep 5"
+ rlRun "pkispawn -s TPS -f $TmpDir/tmpconfig1.in > $TmpDir/tps_ssl.out 2>&1" 1 "Should fail"
+ exp_messg3="Installation failed."
+ rlAssertGrep "$exp_messg3" "$TmpDir/tps_ssl.out"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "pki_run_rhcs_tps_installer_tests-cleanup"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-ldap" 0 "CA ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-kra3-ldap" 0 "KRA ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-tks1-ldap" 0 "TKS ldap instance removed"
+ rlRun "remove-ds.pl -f -i slapd-pki-tps1-ldap" 0 "TPS ldap instance removed"
+ rlRun "pkidestroy -s TPS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled TPS"
+ rlRun "pkidestroy -s TKS -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled TKS"
+ rlRun "pkidestroy -s KRA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled KRA"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" 0 "Uninstalled CA"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh b/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh
new file mode 100755
index 000000000..17e7557df
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/tps-tests/tps-enrollments.sh
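Review bot: The expected subsystem string is inconsistent across the phases of this new file: test 001 greps for `PKI Subsystem Type: tps`, test 002 for `PKI Subsystem Type: (Security Domain)`, and tests 003-008 for `PKI Subsystem Type: TPS`. `rlAssertGrep` is case-sensitive by default, so 001 and 003-008 are unlikely to both hold against the same `pkidaemon status tomcat` output. The `(Security Domain)` value is the one this commit replaces in the OCSP and TKS installer tests. The real status output is not visible in the hunk, but assuming it uses the upper-case form, tests 001 and 002 should set `exp_message2_2="PKI Subsystem Type: TPS"`.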
@@ -0,0 +1,5703 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy/tps-tests/tps-enrollments.sh
+# Description: TPS Enrollment tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_tps-enrollment_tests()
+{
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for tps-enrollments tests
+ rlPhaseStartSetup "pki_tps_enrollments Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ local target_unsecure_port=$(eval echo \$${TPS_INST}_UNSECURE_PORT)
+ local target_secure_port=$(eval echo \$${TPS_INST}_SECURE_PORT)
+ local tmp_ca_admin=$CA_INST\_adminV
+ local tmp_ca_agent=$CA_INST\_agentV
+ local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local tmp_tps_host=$(eval echo \$${cs_Role})
+ local valid_admin_cert=$TPS_INST\_adminV
+ local valid_agent_cert=$TPS_INST\_agentV
+ local valid_admin1_cert=$TPS_INST\_admin1V
+ local valid_agent1_cert=$TPS_INST\_agent1V
+ local valid_admin_user=$TPS_INST\_adminV
+ local valid_admin_user_password=$TPS_INST\_adminV_password
+
+ rlPhaseStartTest "pki_tps_enrollments-001: Add an LDAP user and enroll a token using tpsclient"
+ ldap_user_num=001
+ change_type="add"
+ passwd="redhat"
+ local tps_out="$TmpDir/admin_out_tpsenroll001"
+ local cuid="10000000000000000001"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers001.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers001.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers001.ldif | grep uid: | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll001.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll001.test
+ /usr/bin/tpsclient < $TmpDir/enroll001.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-002: Pin reset a token using tpsclient"
+ local tps_out="$TmpDir/admin_out_tpsenroll002"
+ local cuid="10000000000000000001"
+ rlLog "gen_pin_reset_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/pinreset002.test"
+ gen_pin_reset_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/pinreset002.test
+ /usr/bin/tpsclient < $TmpDir/pinreset002.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_reset_pin' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-003: Format a token using tpsclient"
+ local tps_out="$TmpDir/admin_out_tpsenroll003"
+ local cuid="10000000000000000001"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format003.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format003.test
+ /usr/bin/tpsclient < $TmpDir/format003.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ #Cleanup
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ #### TPS audit logging is not functional yet. https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007
+
+ rlPhaseStartTest "pki_tps_enrollments-004: Perform 50 enrollments"
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 50 > $TmpDir/ldapusers004.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers004.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 51 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="3000000000000000000$i"
+ else
+ cuid="300000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers004.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ i=1
+ while [ $i -lt 51 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="3000000000000000000$i"
+ else
+ cuid="300000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ #Cleanup
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-005: Edit the key size property of userKey profile - BZ 1192232"
+ header_005="$TmpDir/header005"
+ local tps_out="$TmpDir/admin_out_tpsenroll0053"
+ local cuid="10000000000000000053"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers005.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers005.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers005.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test
+ /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token. Implement that after https://fedorahosted.org/pki/ticket/1164 is fixed
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ #done
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate005"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile005"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile005" 0 "Download user key profile to a file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile005
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile005
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile005 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/verifykeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/verifykeysize005"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/verifykeysize005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/changestate005"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+ /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlLog "gen_enroll_data_file $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0053.test
+ /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been applied
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ #done
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+ /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/changestate005"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile005
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile005
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile005 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/verifykeysize005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/verifykeysize005"
+ rlRun "curl --dump-header $header_005 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate005"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_005"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/changestate005"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0053.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been applied
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ #done
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format005.test
+ /usr/bin/tpsclient < $TmpDir/format005.test > $tps_out 2>&1
+ rlRun "sleep 10"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-006: Admin cannot edit userKey profile unless Agent disables the profile"
+ header_006="$TmpDir/header006"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile006"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile006" 0 "Download user key profile to a file"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key keySize and update the profile. This should fail."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile006
+ rlLog "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 403 Forbidden" "$header_006"
+ rlAssertGrep "Unable to update profile userKey" "$TmpDir/changekeysize006"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate006"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+ #Revert back the changes
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile006
+ rlLog "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile006 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate006"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlRun "curl --dump-header $header_006 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate006"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_006"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate006"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate006"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-007: Enrollment fails when profile is disabled - BZ 1192232"
+ header_007="$TmpDir/header007"
+ local tps_out="$TmpDir/admin_out_tpsenroll0054"
+ local cuid="10000000000000000054"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled and disable it."
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate007"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+ rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/changestate007"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers007.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers007.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers007.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0054.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0054.test
+ /usr/bin/tpsclient < $TmpDir/enroll0054.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format007.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format007.test
+ /usr/bin/tpsclient < $TmpDir/format007.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ #Revert back the change
+ rlRun "curl --dump-header $header_007 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate007"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_007"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_enrollments-008: Agent approves the profile changes made by Admin"
+ header_008="$TmpDir/header008"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile008"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile008" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile008
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile008
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile008 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/currentstate008"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ #Revert back the changes
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile008
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile008
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile008 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile008 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate008"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlRun "curl --dump-header $header_008 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate008"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate008"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024" "$TmpDir/currentstate008"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate008"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-009: Enrollment fails when profile is in Pending_Approval state"
+ header_009="$TmpDir/header009"
+ local tps_out="$TmpDir/admin_out_tpsenroll0055"
+ local cuid="10000000000000000055"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled and disable it."
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile009"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile009" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile."
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile009
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile009
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile009 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize009"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers009.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers009.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0055.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0055.test
+ /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "Approve the profile changes"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/currentstate009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/currentstate009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/currentstate009"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been applied
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ #done
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format009.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format009.test
+ /usr/bin/tpsclient < $TmpDir/format009.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Revert back the change
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile009
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile009
+ rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile009 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize009"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate009"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlRun "curl --dump-header $header_009 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate009"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024" "$TmpDir/currentstate009"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024" "$TmpDir/currentstate009"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate009"
+ /usr/bin/tpsclient < $TmpDir/enroll0055.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ #Verify the certs on the token to check if the key size changes have been reverted
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ #serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ #for j in ${serial[@]}; do
+ # rlLog "$j"
+ # rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ # rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ # rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ #done
+
+ /usr/bin/tpsclient < $TmpDir/format009.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-010: Create a new profile using the properties of userKey profile and agent approves"
+ header_010="$TmpDir/header010"
+ local tps_out="$TmpDir/admin_out_tpsenroll0056"
+ local cuid="10000000000000000056"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled."
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate010"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile010"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile010" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlLog "Delete the userKey profile"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize010"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_010"
+ rlLog "Verify the profile userKey has been deleted"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+ rlAssertGrep "HTTP/1.1 404 Not Found" "$header_010"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile010
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile010
+ rlLog "Create a profile with the name userKey"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/userkey-profile010 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles > $TmpDir/changekeysize010"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 201 Created" "$header_010"
+ rlLog "Verify the userKey profile has been created"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlLog "Enable the profile before attempting enrollment"
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=enable > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ rlLog "Enroll and format a token using tpsclient"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers010.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers010.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0056.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0056.test
+ /usr/bin/tpsclient < $TmpDir/enroll0056.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been reverted
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ rlAssertGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ rlAssertNotGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ done
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format010.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format010.test
+ /usr/bin/tpsclient < $TmpDir/format010.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Edit the keySize back to 1024"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile010
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile010
+ rlLog "Disable the profile before editing it"
+
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile010 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize010"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_010 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate010"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_010"
+ /usr/bin/tpsclient < $TmpDir/enroll0056.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify the certs on the token to check if the key size changes have been reverted
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out"
+ rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out"
+ rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out"
+ done
+
+ /usr/bin/tpsclient < $TmpDir/format010.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_enrollments-011: Create a new profile userKey when userKey profile already exists"
+ header_011="$TmpDir/header011"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled."
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile011"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile011" 0 "Download user key profile to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile011
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile011
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile011 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize011"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+ rlLog "Create a profile with the name userKey"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/userkey-profile011 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles > $TmpDir/changekeysize011"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 409 Conflict" "$header_011"
+
+ # Revert back the changes
+
+ rlLog "Disable the userKey profile"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Set the keySize to 2048 in the saved userKey profile xml file"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile011
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile011
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile011 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize011"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlLog "Approve the changes made to the profile"
+
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlRun "curl --dump-header $header_011 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate011"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_011"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate011"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-012: Profile is not enabled if it is rejected by agent after modification to profile"
+ header_012="$TmpDir/header012"
+ local tps_out="$TmpDir/admin_out_tpsenroll0057"
+ local cuid="10000000000000000057"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of userKey Profile is Enabled."
+ rlRun "curl --dump-header $header_012 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate012" + rlLog "Download userKey profile properties" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile012" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile012" 0 "Download user key profile to a file" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + + rlLog "Disable the userKey profile" + rlRun "curl --dump-header $header_012 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate012" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlLog "Set the keySize to 2048 in the saved userKey profile xml file" + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile012 + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile012 + rlRun "curl --dump-header $header_012 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data @$TmpDir/userkey-profile012 \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize012" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + + 
rlLog "Reject the changes made to the profile" + + rlRun "curl --dump-header $header_012 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=reject > $TmpDir/changestate012" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + + rlRun "curl --dump-header $header_012 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlAssertGrep "<Status>Disabled</Status>" "$TmpDir/currentstate012" + + #Revert the changes back + + rlLog "Set the keySize to 1024 in the saved userKey profile xml file" + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile012 + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile012 + rlRun "curl --dump-header $header_012 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data @$TmpDir/userkey-profile012 \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize012" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + + rlLog "Approve the changes made to the profile" + + rlRun "curl --dump-header $header_012 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate012" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlRun "curl --dump-header $header_012 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate012" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + 
rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate012" + + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers010.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers010.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers009.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0057.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0057.test + /usr/bin/tpsclient < $TmpDir/enroll0057.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + #Verify the certs on the token to check if the key size changes have been reverted + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out" + numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l) + serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ') + for j in ${serial[@]}; do + rlLog "$j" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j --pretty > $TmpDir/keysizecheck.out" + rlAssertGrep "1024 bits" "$TmpDir/keysizecheck.out" + rlAssertNotGrep "2048 bits" "$TmpDir/keysizecheck.out" + done + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format012.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format012.test + 
/usr/bin/tpsclient < $TmpDir/format012.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + ### TPS subsystem connection is not working. https://bugzilla.redhat.com/show_bug.cgi?id=1194050. 2 tests skipped. + + rlPhaseStartTest "pki_tps_enrollments-013: Edit the mapping order of enrollment profile mapper - BZ 1192232" + header_013="$TmpDir/header013" + local tps_out="$TmpDir/admin_out_tpsenroll0058" + local cuid="10000000000000000058" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Review the mapping order of enroll profile mapping" + rlRun "curl --dump-header $header_013 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/currentstate013" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlAssertGrep "<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2" "$TmpDir/currentstate013" + rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate013" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232" + # Remove the below when bug 1192232 is fixed + rlRun "curl --dump-header $header_013 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlRun "curl --dump-header 
$header_013 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate013" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlLog "Download enroll mapping profile" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping013" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping013" 0 "Download enroll profile mapping to a file" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)" + + rlLog "Set the enroll profile mapping order property to 2,0,1" + sed -i -e "s/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">2,0,1/g" $TmpDir/enroll-profile-mapping013 + rlRun "curl --dump-header $header_013 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data @$TmpDir/enroll-profile-mapping013 \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/changeorder013" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlRun "curl --dump-header $header_013 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlAssertGrep "<Status>Enabled" "$TmpDir/changestate013" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval 
echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)" + + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers013.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers013.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers013.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0058.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0058.test + /usr/bin/tpsclient < $TmpDir/enroll0058.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format013.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format013.test + /usr/bin/tpsclient < $TmpDir/format013.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + #Revert back the change + rlRun "curl --dump-header $header_013 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate013" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + + sed -i -e "s/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">2,0,1/<Property name=\"tokenProfileResolver.enrollMappingResolver.mapping.order\">0,1,2/g" $TmpDir/enroll-profile-mapping013 + rlRun "curl --dump-header $header_013 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data 
@$TmpDir/enroll-profile-mapping013 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/changeorder013"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+
+ rlRun "curl --dump-header $header_013 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate013"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_013"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate013"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0058.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format013.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-014: Delete the existing enroll mapping profile and add a new one"
+ header_014="$TmpDir/header014"
+ local tps_out="$TmpDir/admin_out_tpsenroll0059"
+ local cuid="10000000000000000059"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the mapping order of enroll profile mapping"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k 
https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/currentstate014"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate014"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=disable > $TmpDir/changestate014"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+
+ rlLog "Download enroll mapping profile"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping014"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-mapping-show enrollMappingResolver --output $TmpDir/enroll-profile-mapping014" 0 "Download enroll profile mapping to a file"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profile_Mappings.enrollMappingResolver.timestamp | cut -d= -f2)"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver > $TmpDir/deletemapping014"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_014"
+ rlAssertNotGrep "enrollMappingResolver" "$TmpDir/deletemapping014"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers014.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers014.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers014.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog 
"gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0059.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0059.test
+ /usr/bin/tpsclient < $TmpDir/enroll0059.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format014.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format014.test
+ /usr/bin/tpsclient < $TmpDir/format014.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Create a new enroll profile mapping using the downloaded file"
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/enroll-profile-mapping014 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings > $TmpDir/addenrollmapping014"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 201 Created" "$header_014"
+ rlAssertGrep "enrollMappingResolver" "$TmpDir/addenrollmapping014"
+
+ rlRun "curl --dump-header $header_014 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profile-mappings/enrollMappingResolver?action=enable > $TmpDir/changestate014"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_014"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0059.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format014.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p 
$(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-015: TPS process shutdown when the audit log (disk) is full - PKI ticket 1006"
+ header_015="$TmpDir/header015"
+ local tps_out="$TmpDir/admin_out_tpsenroll0060"
+ local cuid="10000000000000000060"
+ partition_created="false"
+ new_mount_dir="/tps-audit-logs"
+ #Create 2M ram-disk for the audit logs
+ rlRun "mkdir $new_mount_dir"
+ rlRun "mount -t tmpfs -o size=2M,mode=0755 tmpfs $new_mount_dir"
+ rlRun "chown pkiuser:pkiuser $new_mount_dir"
+ # Add appropriate selinux context to the partition:
+ semanage_loc="/usr/sbin/semanage"
+ rlRun "$semanage_loc fcontext -a -t pki_tomcat_log_t $new_mount_dir"
+ rlRun "restorecon -vR $new_mount_dir"
+ partition_created="true"
+
+ if [ $partition_created = "true" ]; then
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak015"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s,log.instance.SignedAudit.fileName=.*,log.instance.SignedAudit.fileName=$new_mount_dir/tps-audit.log,g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Check and delete audit failure message from error log
+ #no error log file
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers015.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w 
$LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers015.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers015.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format015.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format015.test
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0060.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0060.test
+ /usr/bin/tpsclient < $TmpDir/enroll0060.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Fill the disk
+ rlRun "dd if=/dev/zero of=$new_mount_dir/bigfile bs=10K count=117"
+#change ownership of the file
+ rlRun "chown pkiuser: $new_mount_dir/bigfile"
+
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0060.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Remove this when the bug is fixed
+ /usr/bin/tpsclient < $TmpDir/format015.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Check the error log for message for failure to write to audit log
+ 
rlFail "No Audit log messages - https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ #Cleanup partition
+ rlRun "umount $new_mount_dir"
+ rlRun "rm -rf $new_mount_dir"
+ rlRun "rm -rf $tps_conf_bak"
+
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-016: TPS process shutdown when the signed audit log (disk) is full - PKI ticket 1006"
+ header_016="$TmpDir/header016"
+ local tps_out="$TmpDir/admin_out_tpsenroll0061"
+ local cuid="10000000000000000061"
+ partition_created="false"
+ new_mount_dir="/tps-audit-log1"
+ #Create 2M ram-disk for the audit logs
+ rlRun "mkdir $new_mount_dir"
+ rlRun "mount -t tmpfs -o size=2M,mode=0755 tmpfs $new_mount_dir"
+ rlRun "chown pkiuser:pkiuser $new_mount_dir"
+ # Add appropriate selinux context to the partition:
+ semanage_loc="/usr/sbin/semanage"
+ rlRun "$semanage_loc fcontext -a -t pki_tomcat_log_t $new_mount_dir"
+ rlRun "restorecon -vR $new_mount_dir"
+ partition_created="true"
+
+ if [ $partition_created = "true" ]; then
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak016"
+ 
rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s,log.instance.SignedAudit.fileName=.*,log.instance.SignedAudit.fileName=$new_mount_dir/tps-audit.log,g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.signedAuditCertNickname=.*/log.instance.SignedAudit.signedAuditCertNickname=$(eval echo \$${TPS_INST}_AUDIT_SIGNING_CERT_NICKNAME)/g" $tps_conf
+ rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.fileName)"
+ rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.logSigning)"
+ rlLog "$(cat $tps_conf | grep log.instance.SignedAudit.signedAuditCertNickname)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Check and delete audit failure message from error log
+ #no error log file
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers016.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers016.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers016.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format016.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format016.test
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0061.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0061.test
+ /usr/bin/tpsclient < $TmpDir/enroll0061.test > $tps_out 2>&1
+ rlRun 
"sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Fill the disk
+ rlRun "dd if=/dev/zero of=$new_mount_dir/bigfile bs=10K count=117"
+ #change ownership of the file
+ rlRun "chown pkiuser: $new_mount_dir/bigfile"
+
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0061.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Remove this when the bug is fixed
+ /usr/bin/tpsclient < $TmpDir/format016.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Check the error log for message for failure to write to audit log
+ rlFail "No Audit log messages - https://fedorahosted.org/pki/ticket/1006 and https://fedorahosted.org/pki/ticket/1007"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ #Cleanup partition
+ rlRun "umount $new_mount_dir"
+ rlRun "rm -rf $new_mount_dir"
+ rlRun "rm -rf 
$tps_conf_bak"
+
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-017: Audit messages are flushed to the log file for every given flush interval - PKI ticket 1006"
+ header_017="$TmpDir/header017"
+ local tps_out="$TmpDir/admin_out_tpsenroll0062"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak017"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers017.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers017.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers017.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ 
gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ rlLog "$i"
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-018: Audit messages are flushed to the log file for every given flush interval when the flush interval is longer - PKI ticket 1006"
+ header_018="$TmpDir/header018"
+ local tps_out="$TmpDir/admin_out_tpsenroll0063"
+ #Make tps 
CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak018"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers018.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers018.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers018.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ #Wait 
for flush interval
+ rlRun "sleep 123"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-019: Audit messages are flushed to the log file for every given flush interval when the flush interval is 0 - PKI ticket 1006"
+ header_019="$TmpDir/header019"
+ local tps_out="$TmpDir/admin_out_tpsenroll0064"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ 
tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak019"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers019.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers019.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers019.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. 
Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-020: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog - PKI ticket 1006"
+ header_020="$TmpDir/header020"
+ local tps_out="$TmpDir/admin_out_tpsenroll0065"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak020"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e 
"s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers020.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers020.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers020.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ #Wait for flush interval
+ rlRun "sleep 5"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_enrollments-021: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and longer flush interval - PKI ticket 1006"
+ header_021="$TmpDir/header021"
+ local tps_out="$TmpDir/admin_out_tpsenroll0066"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak021"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e 
"s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers021.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers021.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers021.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 123"
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-022: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and flush interval is 0 - PKI ticket 1006"
+ header_022="$TmpDir/header022"
+ local tps_out="$TmpDir/admin_out_tpsenroll0067"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak022"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers022.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers022.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers022.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-023: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog, buffer size is very small and flush interval is 5s - PKI ticket 1006"
+ header_023="$TmpDir/header023"
+ local tps_out="$TmpDir/admin_out_tpsenroll0068"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak023"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers023.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers023.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers023.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-024: Audit messages are flushed to the log file for every given flush interval when file type is RollingLog and buffer size is 0 - PKI ticket 1006"
+ header_024="$TmpDir/header024"
+ local tps_out="$TmpDir/admin_out_tpsenroll0069"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak024"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=0/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=false/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers024.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers024.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers024.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-025: Audit messages are flushed to the log file for every given flush interval when log signing is enabled - PKI ticket 1006"
+ header_025="$TmpDir/header025"
+ local tps_out="$TmpDir/admin_out_tpsenroll0070"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak025"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers025.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers025.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers025.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+
+
+ rlPhaseStartTest "pki_tps_enrollments-026: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and flush interval is longer - PKI ticket 1006"
+ header_026="$TmpDir/header026"
+ local tps_out="$TmpDir/admin_out_tpsenroll0071"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak026"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers026.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers026.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers026.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 123"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-027: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and flush interval is 0 - PKI ticket 1006"
+ header_027="$TmpDir/header027"
+ local tps_out="$TmpDir/admin_out_tpsenroll0072"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak027"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.LogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers027.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers027.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers026.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-028: Audit messages are flushed to the log file for every given flush interval when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+ header_028="$TmpDir/header028"
+ local tps_out="$TmpDir/admin_out_tpsenroll0073"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak028"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=4096/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers028.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers028.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers028.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-029: Audit messages are flushed to the log file for longer flush interval when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+ header_029="$TmpDir/header029"
+ local tps_out="$TmpDir/admin_out_tpsenroll0074"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak029"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=8192/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=123/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers029.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers029.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers029.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+ #Wait for flush interval
+ rlRun "sleep 123"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-030: Audit messages are flushed to the log file when flush interval is 0 when log signing is enabled and RollingLogFile type - PKI ticket 1006"
+ header_030="$TmpDir/header030"
+ local tps_out="$TmpDir/admin_out_tpsenroll0075"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak030"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=0/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers030.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers030.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers030.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed. 
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-031: Audit messages are flushed to the log file when flush interval is 5 when log signing is enabled, RollingLogFile type and buffer size is very small - PKI ticket 1006"
+ header_031="$TmpDir/header031"
+ local tps_out="$TmpDir/admin_out_tpsenroll0076"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak031"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e
"s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=512/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers031.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers031.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers031.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-032: Audit messages are flushed to the log file when flush interval is 5 when log signing is enabled, RollingLogFile type and buffer size is 0 - PKI ticket 1006"
+ header_032="$TmpDir/header032"
+ local tps_out="$TmpDir/admin_out_tpsenroll0077"
+ #Make tps CS.cfg audit log to write to the new partition
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak032"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e
"s/log.instance.SignedAudit.bufferSize=.*/log.instance.SignedAudit.bufferSize=0/g" $tps_conf
+ sed -i -e "s/log.impl.file.class=.*/log.impl.file.class=com.netscape.cms.logging.RollingLogFile/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.flushInterval=.*/log.instance.SignedAudit.flushInterval=5/g" $tps_conf
+ sed -i -e "s/log.instance.SignedAudit.logSigning=.*/log.instance.SignedAudit.logSigning=true/g" $tps_conf
+
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ #Delete audit log file
+ audit_log=$(cat $tps_conf | grep log.instance.SignedAudit.fileName | cut -d= -f2)
+ #rlRun "rm -rf $audit_log"
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ i=1
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 4 > $TmpDir/ldapusers032.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers032.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ while [ $i -lt 5 ]; do
+ local tps_out="$TmpDir/admin_out_tpsenroll00$i"
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ ldap_user=$(cat $TmpDir/ldapusers032.ldif | grep -x "uid: idmuser$i" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll00$i.test
+ /usr/bin/tpsclient < $TmpDir/enroll00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+ i=$((i+1))
+ done
+
+ #Wait for flush interval
+ rlRun "sleep 5"
+ #Verify audit log for each enrollment. I am checking just one here because audit log does not have any messages. Change it for all users once the bug is fixed.
+ rlAssertGrep "idmuser1" "$audit_log"
+ rlLog "https://fedorahosted.org/pki/ticket/1006"
+ rlLog "https://fedorahosted.org/pki/ticket/1007"
+ i=1
+ while [ $i -lt 5 ]; do
+ if [ $i -lt 10 ]; then
+ cuid="4000000000000000000$i"
+ else
+ cuid="400000000000000000$i"
+ fi
+ if [ $i -lt 10 ]; then
+ ldap_user="idmuser$i"
+ else
+ ldap_user="idmuser$i"
+ fi
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format00$i.test
+ /usr/bin/tpsclient < $TmpDir/format00$i.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ i=$((i+1))
+ done
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ # restore CS.cfg
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-033: Edit the authenticator port - BZ 643446"
+ header_033="$TmpDir/header033"
+ local tps_out="$TmpDir/admin_out_tpsenroll0078"
+ local cuid="10000000000000000078"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the authenticator 1"
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/currentstate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlAssertGrep "<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo
\$${TPS_INST}_LDAP_PORT)" "$TmpDir/currentstate033"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate033"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlLog "Download authenticator 1"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth033"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth033" 0 "Download authenticator ldap1"
+
+ rlLog "Set the authenticator port to 1234"
+ sed -i -e "s/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">1234/g" $TmpDir/auth033
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/auth033 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/changeorder033"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ #The server has to restarted because of https://bugzilla.redhat.com/show_bug.cgi?id=643446. Remove these lines once the bug is fixed. I am doing this because the further tests are failing if this not done.
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate033"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers033.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers033.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers033.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0078.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0078.test
+ /usr/bin/tpsclient < $TmpDir/enroll0078.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format033.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format033.test
+ /usr/bin/tpsclient < $TmpDir/format033.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+ #Revert back the change
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+
+ sed -i -e "s/<Property
name=\"auths.instance.ldap1.ldap.ldapconn.port\">1234/<Property name=\"auths.instance.ldap1.ldap.ldapconn.port\">$(eval echo \$${TPS_INST}_LDAP_PORT)/g" $TmpDir/auth033
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/auth033 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/changeorder033"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ #The server has to restarted because of https://bugzilla.redhat.com/show_bug.cgi?id=643446. Remove these lines once the bug is fixed.
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "curl --dump-header $header_033 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate033"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_033"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/changestate033"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0078.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format033.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-034: Delete
authenticator"
+ header_034="$TmpDir/header034"
+ local tps_out="$TmpDir/admin_out_tpsenroll0079"
+ local cuid="10000000000000000079"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review the authenticator 1"
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/currentstate034"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+ rlAssertGrep "<Status>Enabled" "$TmpDir/currentstate034"
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=disable > $TmpDir/changestate034"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+ rlLog "Download authenticator 1"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth034"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-authenticator-show ldap1 --output $TmpDir/auth034" 0 "Download authenticator ldap1"
+
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1 > $TmpDir/deleteauth034"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_034"
+ rlAssertNotGrep "ldap1" "$TmpDir/deleteauth034"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers034.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers034.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers034.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host
$target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0079.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0079.test
+ /usr/bin/tpsclient < $TmpDir/enroll0079.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format034.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format034.test
+ /usr/bin/tpsclient < $TmpDir/format034.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlLog "Create a new authenticator 1"
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X POST \
+ --data @$TmpDir/auth034 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators > $TmpDir/addauth034"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 201 Created" "$header_034"
+ rlAssertGrep "ldap1" "$TmpDir/addauth034"
+
+ rlRun "curl --dump-header $header_034 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/authenticators/ldap1?action=enable > $TmpDir/changestate034"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_034"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0079.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format034.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ #tps40 expects enrollment to fail when applet.delete_old is false but it is not so. Also seeing an internal server error during edit config param
+ rlPhaseStartTest "pki_tps_enrollments-035: Edit general configuration - BZ 1195895"
+ header_035="$TmpDir/header035"
+ local tps_out="$TmpDir/admin_out_tpsenroll0080"
+ local cuid="10000000000000000080"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Review general configuration"
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/config035"
+ rlLog "Download general config"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-config-show --output $TmpDir/config035"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-config-show --output $TmpDir/config035" 0 "Download general configuration"
+
+ rlLog "Set applet.delete_old to false"
+ sed -i -e "s/<Property name=\"applet.delete_old\">true/<Property name=\"applet.delete_old\">false/g" $TmpDir/config035
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/config035 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/changeapplet035"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">false" "$TmpDir/changeapplet035"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1195895"
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">false" "$TmpDir/config035"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers035.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers035.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers035.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0080.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0080.test
+ /usr/bin/tpsclient < $TmpDir/enroll0080.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format035.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format035.test
+ /usr/bin/tpsclient < $TmpDir/format035.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+ #Revert back the change
+
+ sed -i -e "s/<Property name=\"applet.delete_old\">false/<Property name=\"applet.delete_old\">true/g" $TmpDir/config035
+
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/config035 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/changeapplet035"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/changeapplet035"
+
+ rlRun "curl --dump-header $header_035 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/config > $TmpDir/config035"
+
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_035"
+ rlAssertGrep "<Property name=\"applet.delete_old\">true" "$TmpDir/config035"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0080.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ /usr/bin/tpsclient < $TmpDir/format035.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-036: Edit key recovery properties of userKey profile"
+ header_036="$TmpDir/header036"
+ local tps_out="$TmpDir/admin_out_tpsenroll0081"
+ local cuid="10000000000000000081"
+ local new_cuid="10000000000000000082"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Check the status of userKey Profile is Enabled"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+ rlAssertGrep "<Property
name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast" "$TmpDir/currentstate036"
+ rlLog "Download userKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile036"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile036" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile userKey"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Edit the userKey Profile xml file by changing the keyRecovery scheme param"
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast/g" $TmpDir/userkey-profile036
+ rlLog "Edit userKey profile - changing the keyRecovery scheme param"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile036 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep
config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast" "$TmpDir/currentstate036"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers036.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers036.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ local ldap_user=$(cat $TmpDir/ldapusers036.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0081.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0081.test
+ /usr/bin/tpsclient < $TmpDir/enroll0081.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate036"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0082.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0082.test
+ /usr/bin/tpsclient < $TmpDir/enroll0082.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify there are 2 encryption certs
+
+ #rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ #numofentries=$(cat $TmpDir/tokencert.out | grep Token | wc -l)
+ #rlLog "$numofentries"
+ #if [ numofentries = 3 ]; then
+ # rlPass "The token has 3 certificates"
+ #fi
+
+
+ #Add Damaged to format transition to CS.cfg
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak036"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=0:0,0:4,4:0,1:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d=
-f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test
+ /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format036.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format036.test
+ /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $new_cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+
+ #Revert back the changes
+
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">GenerateNewKeyandRecoverLast/<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast/g" $TmpDir/userkey-profile036
+ rlLog "Edit userKey profile - changing the keyRecovery scheme param"
+
rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/userkey-profile036 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate036"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlRun "curl --dump-header $header_036 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate036"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_036"
+ rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme\">RecoverLast" "$TmpDir/currentstate036"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate036"
+ rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)"
+
+ #Enroll a new token
+ cuid="10000000000000000083"
+ ldap_user=$(cat $TmpDir/ldapusers036.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0083.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0083.test
+ /usr/bin/tpsclient < $TmpDir/enroll0083.test > $tps_out 2>&1
+ rlRun "sleep 20"
+
rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Verify there are 3 certs - Find the certs on a token when a token ID is provided, feature does not exist
+
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Token | wc -l)
+ rlLog "$numofentries"
+ if [ numofentries = 2 ]; then
+ rlPass "Changes have been reverted successfully"
+ fi
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format036.test
+ /usr/bin/tpsclient < $TmpDir/format036.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-037: Edit the params that determine the cert revocation in tokenKey profile - BZ 1192232"
+ header_037="$TmpDir/header037"
+ local
tps_out="$TmpDir/admin_out_tpsenroll0084"
+ local cuid="10000000000000000084"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Check the status of tokenKey Profile is Enabled"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">true" "$TmpDir/currentstate037"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1192232"
+ # Remove the below when bug 1192232 is fixed
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=enable > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+
+ rlLog "Download tokenKey profile properties"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show tokenKey --output $TmpDir/tokenkey-profile037"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show tokenKey --output $TmpDir/tokenkey-profile037" 0 "Download user key profile to a file"
+ rlLog "Agent disables the profile tokenKey"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=disable > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlLog "Edit the tokenKey Profile xml file revokeCert property"
+ sed -i -e "s/<Property name=\"op.format.tokenKey.revokeCert\">true/<Property name=\"op.format.tokenKey.revokeCert\">false/g" $TmpDir/tokenkey-profile037
+ rlLog "Edit userKey profile - revokeCert parameter"
+ rlRun "curl
--dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/tokenkey-profile037 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/changekeysize037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize037"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=approve > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">false" "$TmpDir/currentstate037"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers037.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers037.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers037.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test
+ /usr/bin/tpsclient < $TmpDir/enroll0084.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #to check if there are
encryption and signing certs - not complete
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test
+ /usr/bin/tpsclient < $TmpDir/format037.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-cert-find | grep -B2 $cuid > $TmpDir/tokencert.out"
+ numofentries=$(cat $TmpDir/tokencert.out | grep Serial | wc -l)
+ serial=$(cat $TmpDir/tokencert.out | grep 'Serial Number' | cut -d ':' -f2 | tr -d ' ')
+ for j in ${serial[@]}; do
+ rlLog "$j"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $tmp_ca_admin -h $tmp_tps_host -p $target_unsecure_port cert-show $j > $TmpDir/keysizecheck.out"
+ rlAssertGrep "Status: VALID" "$TmpDir/keysizecheck.out"
+ done
+
+ #Revert the changes
+
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=disable > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlLog "Edit the tokenKey Profile xml file
revokeCert property"
+ sed -i -e "s/<Property name=\"op.format.tokenKey.revokeCert\">false/<Property name=\"op.format.tokenKey.revokeCert\">true/g" $TmpDir/tokenkey-profile037
+ rlLog "Edit userKey profile - revokeCert parameter"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -H \"Content-Type: application/xml\" \
+ -X PATCH \
+ --data @$TmpDir/tokenkey-profile037 \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/changekeysize037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize037"
+ rlLog "Agent user approve and enable the profile"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey?action=approve > $TmpDir/changestate037"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlRun "curl --dump-header $header_037 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/tokenKey > $TmpDir/currentstate037"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_037"
+ rlAssertGrep "<Property name=\"op.format.tokenKey.revokeCert\">true" "$TmpDir/currentstate037"
+ rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate037"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0084.test
+ /usr/bin/tpsclient < $TmpDir/enroll0084.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format037.test
+
/usr/bin/tpsclient < $TmpDir/format037.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-038: TPS operations.allowedTransitions - default configuration - Format an uninitialized token (0:0)"
+ header_038="$TmpDir/header038"
+ local tps_out="$TmpDir/admin_out_tpsenroll038"
+ local cuid="10000000000000000085"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers038.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers038.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers038.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Format an uninitialized token"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format038.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format038.test
+ /usr/bin/tpsclient < $TmpDir/format038.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+
+
+
+ rlPhaseStartTest
"pki_tps_enrollments-039: TPS operations.allowedTransitions - default configuration - Enroll a formatted token (0:4)"
+ local cuid="10000000000000000085"
+ local tps_out="$TmpDir/admin_out_tpsenroll039"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format039.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format039.test
+ /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-040: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, format the token"
+ local cuid="10000000000000000085"
+ header_040="$TmpDir/header040"
+ local tps_out="$TmpDir/admin_out_tpsenroll040"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll'
Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate040"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate040"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate040"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format040.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format040.test
+ /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Mark the token as found and then format"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate040"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlRun "curl --dump-header $header_040 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate040"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_040"
+ rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate040"
+
+ /usr/bin/tpsclient < $TmpDir/format039.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-041: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, enroll the token"
+ local
cuid="10000000000000000085"
+ header_041="$TmpDir/header041"
+ local tps_out="$TmpDir/admin_out_tpsenroll041"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate041"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate041"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate041"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Mark the token as found and then format"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate041"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlRun "curl --dump-header $header_041 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid
> $TmpDir/currentstate041"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_041"
+ rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate041"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format41.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format041.test
+ /usr/bin/tpsclient < $TmpDir/format041.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-042: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token issued, mark the temporary lost token to be permanently lost - format or enroll perm lost token"
+ local cuid="10000000000000000085"
+ local new_cuid="10000000000000000086"
+ header_042="$TmpDir/header042"
+ local tps_out="$TmpDir/admin_out_tpsenroll042"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0085.test
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate042"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate042"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate042"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0086.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0086.test
+ /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate042"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate042"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0085.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format42.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format042.test
+ /usr/bin/tpsclient < $TmpDir/format042.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken042"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_042"
+
+ rlRun "curl --dump-header $header_042 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken042"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_042"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken042"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format42.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format042.test
+ /usr/bin/tpsclient < $TmpDir/format042.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-043: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token is not issued, mark the temporary lost token to be permanently lost - format or enroll perm lost token"
+ local cuid="10000000000000000086"
+ header_043="$TmpDir/header043"
+ local tps_out="$TmpDir/admin_out_tpsenroll043"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0086.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0086.test
+ /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate043"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate043"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate043"
+
+
+ rlLog "Change the state of the token - Temporarily lost token is permanently lost"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate043"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate043"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0086.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format43.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format043.test
+ /usr/bin/tpsclient < $TmpDir/format043.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+ #Cleanup
+ rlLog "Delete permanently lost token"
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken043"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_043"
+
+ rlRun "curl --dump-header $header_043 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken043"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_043"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken043"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-044: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token is issued - format the temp token"
+ local cuid="10000000000000000087"
+ local
new_cuid="10000000000000000088"
+ header_044="$TmpDir/header044"
+ local tps_out="$TmpDir/admin_out_tpsenroll044"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ #passwd="redhat"
+ #rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers044.ldif"
+ #rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers044.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ #ldap_user=$(cat $TmpDir/ldapusers044.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0087.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0087.test
+ /usr/bin/tpsclient < $TmpDir/enroll0087.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate044"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate044"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate044"
+
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0087.test"
+
gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0087.test
+ /usr/bin/tpsclient < $TmpDir/enroll0087.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format44.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format044.test
+ /usr/bin/tpsclient < $TmpDir/format044.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlLog "Delete temporarily lost token"
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken044"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_044"
+
+ rlRun "curl --dump-header $header_044 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken044"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_044"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken044"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-045: TPS operations.allowedTransitions - Mark the Enrolled token temporarily lost, temp token issued, mark the temporary lost token to be permanently lost - format the temp token"
+ local cuid="10000000000000000088"
+ local new_cuid="10000000000000000089"
+ header_045="$TmpDir/header045"
+ local tps_out="$TmpDir/admin_out_tpsenroll045"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host
$target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test + /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temporarily lost" + rlRun "curl --dump-header $header_045 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate045" + rlAssertGrep "HTTP/1.1 200 OK" "$header_045" + rlRun "curl --dump-header $header_045 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate045" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_045" + rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate045" + + #Enroll a new token for the same user + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + + rlLog "Change the state of the token - Temporarily lost token is permanently lost" + rlRun "curl --dump-header $header_045 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate045" + rlAssertGrep "HTTP/1.1 200 OK" "$header_045" + rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/changestate045" + + rlLog "Format the temporary token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format45.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format045.test + 
/usr/bin/tpsclient < $TmpDir/format045.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + #Cleanup + rlLog "Delete permanently lost token" + rlRun "curl --dump-header $header_045 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken045" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_045" + + rlRun "curl --dump-header $header_045 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken045" + rlAssertGrep "HTTP/1.1 200 OK" "$header_045" + rlAssertNotGrep "$cuid" "$TmpDir/showToken045" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-046: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, format the token" + local cuid="10000000000000000089" + header_046="$TmpDir/header046" + local tps_out="$TmpDir/admin_out_tpsenroll046" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to permanently lost" + rlRun "curl --dump-header $header_046 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate046" + rlAssertGrep "HTTP/1.1 200 OK" "$header_046" + rlRun "curl --dump-header $header_046 \ + -E 
\"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate046" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_046" + rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate046" + + + rlLog "Format the token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format046.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format046.test + /usr/bin/tpsclient < $TmpDir/format046.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Failure" "$tps_out" + + #Cleanup + rlLog "Delete permanently lost token" + rlRun "curl --dump-header $header_046 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken046" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_046" + + rlRun "curl --dump-header $header_046 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken046" + rlAssertGrep "HTTP/1.1 200 OK" "$header_046" + rlAssertNotGrep "$cuid" "$TmpDir/showToken046" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-047: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, enroll the token" + local cuid="10000000000000000089" + header_047="$TmpDir/header047" + local tps_out="$TmpDir/admin_out_tpsenroll047" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + 
/usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to permanently lost" + rlRun "curl --dump-header $header_047 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate047" + rlAssertGrep "HTTP/1.1 200 OK" "$header_047" + rlRun "curl --dump-header $header_047 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate047" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_047" + rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate047" + + + rlLog "Enroll the token" + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + #Cleanup + rlLog "Delete permanently lost token" + rlRun "curl --dump-header $header_047 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken047" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_047" + + rlRun "curl --dump-header $header_047 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken047" + rlAssertGrep "HTTP/1.1 200 OK" "$header_047" + rlAssertNotGrep "$cuid" "$TmpDir/showToken047" + rlPhaseEnd + + + +rlPhaseStartTest "pki_tps_enrollments-048: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, format the token" + local cuid="10000000000000000089" + header_048="$TmpDir/header048" + local tps_out="$TmpDir/admin_out_tpsenroll048" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep 
^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to physically damaged" + rlRun "curl --dump-header $header_048 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate048" + rlAssertGrep "HTTP/1.1 200 OK" "$header_048" + rlRun "curl --dump-header $header_048 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate048" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_048" + rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate048" + + rlLog "Format the token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format048.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format048.test + /usr/bin/tpsclient < $TmpDir/format048.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Failure" "$tps_out" + + #Cleanup + rlLog "Delete the damaged token" + rlRun "curl --dump-header $header_048 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken048" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_048" + + rlRun "curl --dump-header $header_048 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken048" + 
rlAssertGrep "HTTP/1.1 200 OK" "$header_048" + rlAssertNotGrep "$cuid" "$TmpDir/showToken048" + rlPhaseEnd + + +rlPhaseStartTest "pki_tps_enrollments-049: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, enroll the token" + local cuid="10000000000000000089" + header_049="$TmpDir/header049" + local tps_out="$TmpDir/admin_out_tpsenroll049" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to physically damaged" + rlRun "curl --dump-header $header_049 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate049" + rlAssertGrep "HTTP/1.1 200 OK" "$header_049" + rlRun "curl --dump-header $header_049 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate049" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_049" + rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate049" + + rlLog "Enroll the token" + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + #Cleanup + rlLog "Delete permanently lost token" + rlRun "curl --dump-header $header_049 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k 
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken049" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_049" + + rlRun "curl --dump-header $header_049 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken049" + rlAssertGrep "HTTP/1.1 200 OK" "$header_049" + rlAssertNotGrep "$cuid" "$TmpDir/showToken049" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-050: TPS operations.allowedTransitions - Mark the Enrolled token terminated, format the token" + local cuid="10000000000000000089" + header_050="$TmpDir/header050" + local tps_out="$TmpDir/admin_out_tpsenroll050" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to terminated" + rlRun "curl --dump-header $header_050 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate050" + rlAssertGrep "HTTP/1.1 200 OK" "$header_050" + rlRun "curl --dump-header $header_050 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate050" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_050" + rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate050" + + rlLog "Format the token" + rlLog 
"gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format050.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format050.test + /usr/bin/tpsclient < $TmpDir/format050.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Failure" "$tps_out" + + #Cleanup + rlLog "Delete the terminated token" + rlRun "curl --dump-header $header_050 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken050" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_050" + + rlRun "curl --dump-header $header_050 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken050" + rlAssertGrep "HTTP/1.1 200 OK" "$header_050" + rlAssertNotGrep "$cuid" "$TmpDir/showToken050" + rlPhaseEnd + + +rlPhaseStartTest "pki_tps_enrollments-051: TPS operations.allowedTransitions - Mark the Enrolled token terminated, enroll the token" + local cuid="10000000000000000089" + header_051="$TmpDir/header051" + local tps_out="$TmpDir/admin_out_tpsenroll051" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temrinated" + rlRun "curl --dump-header $header_051 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k 
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate051" + rlAssertGrep "HTTP/1.1 200 OK" "$header_051" + rlRun "curl --dump-header $header_051 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate051" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_051" + rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate051" + + rlLog "Enroll the token" + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + #Cleanup + rlLog "Delete permanently lost token" + rlRun "curl --dump-header $header_051 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken051" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_051" + + rlRun "curl --dump-header $header_051 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken051" + rlAssertGrep "HTTP/1.1 200 OK" "$header_051" + rlAssertNotGrep "$cuid" "$TmpDir/showToken051" + rlPhaseEnd + rlPhaseStartTest "pki_tps_enrollments-052: TPS operations.allowedTransitions - Mark the Enrolled token as physically damaged, temp token is issued" + local cuid="10000000000000000088" + local new_cuid="10000000000000000089" + header_052="$TmpDir/header052" + local tps_out="$TmpDir/admin_out_tpsenroll052" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd 
$TmpDir/enroll0088.test + /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to physically damaged" + rlRun "curl --dump-header $header_052 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate052" + rlAssertGrep "HTTP/1.1 200 OK" "$header_052" + rlRun "curl --dump-header $header_052 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate052" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_052" + rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate052" + + #Enroll a new token for the same user + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + + #Cleanup + rlLog "Format the temporary token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format52.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format052.test + /usr/bin/tpsclient < $TmpDir/format052.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + + rlLog "Delete the damaged token" + rlRun "curl --dump-header $header_052 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken052" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_052" + + rlRun "curl --dump-header $header_052 \ + 
-E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken052" + rlAssertGrep "HTTP/1.1 200 OK" "$header_052" + rlAssertNotGrep "$cuid" "$TmpDir/showToken052" + rlPhaseEnd + + +rlPhaseStartTest "pki_tps_enrollments-053: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, temp token is issued, temporarily lost token is found" + local cuid="10000000000000000088" + local new_cuid="10000000000000000089" + header_053="$TmpDir/header053" + local tps_out="$TmpDir/admin_out_tpsenroll053" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test + /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temporarily lost" + rlRun "curl --dump-header $header_053 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate053" + rlAssertGrep "HTTP/1.1 200 OK" "$header_053" + rlRun "curl --dump-header $header_053 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate053" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_053" + rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate053" + + #Enroll a new token for the same user + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd 
$TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + rlLog "Change the state of the token - Temp lost to temp lost token found" + rlRun "curl --dump-header $header_053 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate053" + rlAssertGrep "HTTP/1.1 200 OK" "$header_053" + rlRun "curl --dump-header $header_053 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate053" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_053" + rlAssertGrep "<Status>ACTIVE</Status>" "$TmpDir/currentstate053" + + #Cleanup + rlLog "Format the original token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format53.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format053.test + /usr/bin/tpsclient < $TmpDir/format053.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + rlLog "Format the temporary token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format53.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format053.test + /usr/bin/tpsclient < $TmpDir/format053.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-054: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, no temp token is issued, temporarily lost token is found" + local cuid="10000000000000000088" + 
header_054="$TmpDir/header054" + local tps_out="$TmpDir/admin_out_tpsenroll054" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test + /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temporarily lost" + rlRun "curl --dump-header $header_054 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate054" + rlAssertGrep "HTTP/1.1 200 OK" "$header_054" + rlRun "curl --dump-header $header_054 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate054" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_054" + rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate054" + + rlLog "Change the state of the token - Temp lost to temp lost token found" + rlRun "curl --dump-header $header_054 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=ACTIVE > $TmpDir/changestate054" + rlAssertGrep "HTTP/1.1 200 OK" "$header_054" + rlRun "curl --dump-header $header_054 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate054" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_054" + rlAssertGrep "<Status>ACTIVE</Status>" 
"$TmpDir/currentstate054" + + #Cleanup + rlLog "Format the token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format54.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format054.test + /usr/bin/tpsclient < $TmpDir/format054.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + rlPhaseEnd + + +rlPhaseStartTest "pki_tps_enrollments-055: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, temp token is issued, temporarily lost token is terminated" + local cuid="10000000000000000088" + local new_cuid="10000000000000000089" + header_055="$TmpDir/header055" + local tps_out="$TmpDir/admin_out_tpsenroll055" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test + /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temporarily lost" + rlRun "curl --dump-header $header_055 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate055" + rlAssertGrep "HTTP/1.1 200 OK" "$header_055" + rlRun "curl --dump-header $header_055 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate055" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_055" + rlAssertGrep 
"<Status>TEMP_LOST</Status>" "$TmpDir/currentstate055" + + #Enroll a new token for the same user + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Temp lost to terminated" + rlRun "curl --dump-header $header_055 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate055" + rlAssertGrep "HTTP/1.1 200 OK" "$header_055" + rlRun "curl --dump-header $header_055 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate055" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_055" + rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate055" + + #Cleanup + + rlLog "Format the temporary token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format55.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format055.test + /usr/bin/tpsclient < $TmpDir/format055.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + rlLog "Delete the terminated token token" + rlRun "curl --dump-header $header_055 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken055" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_055" + + rlRun "curl --dump-header $header_055 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k 
https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken055"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_055"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken055"
+ rlPhaseEnd
+
+
+
+rlPhaseStartTest "pki_tps_enrollments-056: TPS operations.allowedTransitions - Mark the Enrolled token as temporarily lost, no temp token is issued, temporarily lost token is terminated"
+ local cuid="10000000000000000088"
+ header_056="$TmpDir/header056"
+ local tps_out="$TmpDir/admin_out_tpsenroll056"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temporarily lost"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate056"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate056"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate056"
+
+ rlLog "Change the state of the token - Temp lost to terminated"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate056"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate056"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate056"
+
+ #Cleanup
+
+ rlLog "Delete the terminated token token"
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken056"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_056"
+
+ rlRun "curl --dump-header $header_056 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken056"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_056"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken056"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-057: TPS operations.allowedTransitions - none set"
+ local cuid="10000000000000000088"
+ header_057="$TmpDir/header057"
+ local tps_out="$TmpDir/admin_out_tpsenroll0057"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlRun "curl --dump-header $header_057 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken057"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_057"
+ foundcuid=$(cat $TmpDir/showToken057 | grep $cuid)
+ if [ -n "$foundcuid" ]; then
+ rlLog "Delete the token"
+ rlRun "curl --dump-header $header_057 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken057"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_057"
+ rlRun "curl --dump-header $header_057 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken057"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_057"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken057"
+ fi
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak057"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlLog "Format an uninitialized token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test
+ /usr/bin/tpsclient < $TmpDir/format057.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Format a formatted token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format057.test
+ /usr/bin/tpsclient < $TmpDir/format057.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_enrollments-058: TPS operations.allowedTransitions - Re-enroll a token - Failure"
+ local cuid="10000000000000000088"
+ header_058="$TmpDir/header058"
+ local tps_out="$TmpDir/admin_out_tpsenroll058"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Re-enroll the above token to the same user"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the enrolled token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format58.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format058.test
+ /usr/bin/tpsclient < $TmpDir/format058.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+ rlPhaseEnd
+rlPhaseStartTest "pki_tps_enrollments-059: TPS operations.allowedTransitions - Re-enroll a token - add transition 4:4 - Success"
+ local cuid="10000000000000000088"
+ header_059="$TmpDir/header059"
+ local tps_out="$TmpDir/admin_out_tpsenroll059"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak059"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,4:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Re-enroll the above token to the same user"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the enrolled token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format59.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format059.test
+ /usr/bin/tpsclient < $TmpDir/format059.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-060: TPS operations.allowedTransitions - Re-enroll a token - add transition 4:4 - RE_ENROLL=NO - Failure"
+ local cuid="10000000000000000088"
+ header_060="$TmpDir/header060"
+ local tps_out="$TmpDir/admin_out_tpsenroll060"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak059"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,4:4/g" $tps_conf
+ sed -i -e "s/^tokendb.defaultPolicy=RE_ENROLL=YES/tokendb.defaultPolicy=RE_ENROLL=NO/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rlLog "$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tokendb.defaultPolicy)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0088.test
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Re-enroll the above token to the same user"
+
+ /usr/bin/tpsclient < $TmpDir/enroll0088.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the enrolled token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format60.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format060.test
+ /usr/bin/tpsclient < $TmpDir/format060.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-061: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, format the token - Add transition 3:0"
+ local cuid="10000000000000000089"
+ header_061="$TmpDir/header061"
+ local tps_out="$TmpDir/admin_out_tpsenroll061"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak061"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,3:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temp lost"
+ rlRun "curl --dump-header $header_061 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate061"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_061"
+ rlRun "curl --dump-header $header_061 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate061"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_061"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate061"
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format061.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format061.test
+ /usr/bin/tpsclient < $TmpDir/format061.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-062: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, temp token issued, temp lost token is perm lost, format the perm lost token - Add transition 2:0"
+ local cuid="10000000000000000089"
+ local new_cuid="10000000000000000088"
+ header_062="$TmpDir/header062"
+ local tps_out="$TmpDir/admin_out_tpsenroll062"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak062"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers060.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers060.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers060.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to temp lost"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate062"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate062"
+ rlRun "sleep 5"
+rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate062"
+
+ #Enroll a new token for the same user
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Temp lost to perm lost"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate062"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlRun "curl --dump-header $header_062 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate062"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_062"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate062"
+
+ rlLog "Format the perm lost token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format062.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format062.test
+ /usr/bin/tpsclient < $TmpDir/format062.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+
+ rlLog "Format the temp token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format062.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format062.test
+ /usr/bin/tpsclient < $TmpDir/format062.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-063: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, format the token - Add transition 2:0"
+ local cuid="10000000000000000089"
+ header_063="$TmpDir/header063"
+ local tps_out="$TmpDir/admin_out_tpsenroll063"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak063"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers063.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers063.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers063.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to permanently lost"
+ rlRun "curl --dump-header $header_063 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate063"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_063"
+ rlRun "curl --dump-header $header_063 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate063"
+ rlRun "sleep 5"
+rlAssertGrep "HTTP/1.1 200 OK" "$header_063"
+ rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate063"
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format063.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format063.test
+ /usr/bin/tpsclient < $TmpDir/format063.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-064: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, format the token - Add transition 1:0"
+ local cuid="10000000000000000089"
+ header_064="$TmpDir/header064"
+ local tps_out="$TmpDir/admin_out_tpsenroll064"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak064"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,1:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers064.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers064.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers064.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to permanently lost"
+ rlRun "curl --dump-header $header_064 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate064"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_064"
+ rlRun "curl --dump-header $header_064 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate064"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_064"
+ rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate064"
+
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format064.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format064.test
+ /usr/bin/tpsclient < $TmpDir/format064.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-065: TPS operations.allowedTransitions - Mark the Enrolled token terminated, format the token - Add transition 6:0"
+ local cuid="10000000000000000089"
+ header_065="$TmpDir/header065"
+ local tps_out="$TmpDir/admin_out_tpsenroll065"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak065"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,6:0/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers065.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers065.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers065.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to terminated"
+ rlRun "curl --dump-header $header_065 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate065"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_065"
+ rlRun "curl --dump-header $header_065 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate065"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_065"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate065"
+
+
+ rlLog "Format the token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format065.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format065.test
+ /usr/bin/tpsclient < $TmpDir/format065.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ #Cleanup
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-066: TPS operations.allowedTransitions and tokendb.defaultPolicy - none set - BZ 1196278"
+ local cuid="10000000000000000088"
+ header_066="$TmpDir/header066"
+ local tps_out="$TmpDir/admin_out_tpsenroll0066"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlRun "curl --dump-header $header_066 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken066"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_066"
+ foundcuid=$(cat $TmpDir/showToken066 | grep $cuid)
+ if [ -n "$foundcuid" ]; then
+ rlLog "Delete the token"
+ rlRun "curl --dump-header $header_066 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -X DELETE \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken066"
+ rlAssertGrep "HTTP/1.1 204 No Content" "$header_066"
+ rlRun "curl --dump-header $header_066 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken066"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_066"
+ rlAssertNotGrep "$cuid" "$TmpDir/showToken066"
+ fi
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak066"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=/g" $tps_conf
+ sed -i -e "s/^tokendb.allowedTransitions=.*/tokendb.allowedTransitions=/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rlLog "Tokendb transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tokendb.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers066.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers066.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers066.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ rlLog "Format an uninitialized token"
+ rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format066.test"
+ gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format066.test
+ /usr/bin/tpsclient < $TmpDir/format066.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Success" "$tps_out"
+
+ rlLog "Format a formatted token"
+
+ /usr/bin/tpsclient < $TmpDir/format066.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_format' Failure" "$tps_out"
+
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278#c2"
+
+ rlRun "cp $tps_conf_bak $tps_conf"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rlRun "rm -rf $tps_conf_bak"
+ #rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token"
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\""
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_enrollments-067: TPS operations.allowedTransitions - Mark the Enrolled token terminated, enroll the token - Add transition 6:4 - BZ 1196278"
+ local cuid="10000000000000000089"
+ header_067="$TmpDir/header067"
+ local tps_out="$TmpDir/admin_out_tpsenroll067"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+
+ transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)
+
+ tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg"
+ tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak067"
+ rlRun "cp $tps_conf $tps_conf_bak"
+ sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,6:4/g" $tps_conf
+ rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)"
+ rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+ rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)
+
+ passwd="redhat"
+ rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers067.ldif"
+ rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers067.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+ ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ')
+ new_ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ')
+
+ rlLog "Enroll a formatted token"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out"
+
+ rlLog "Change the state of the token - Enrolled to terminated"
+ rlRun "curl --dump-header $header_067 \
+ -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+ -X POST \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TERMINATED > $TmpDir/changestate067"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+ rlRun "curl --dump-header $header_067 \
+ -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+ -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate067"
+ rlRun "sleep 5"
+ rlAssertGrep "HTTP/1.1 200 OK" "$header_067"
+ rlAssertGrep "<Status>TERMINATED</Status>" "$TmpDir/currentstate067"
+
+ rlLog "Enroll a the token for the same user"
+
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog "Enroll the token for a different user"
+ rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test"
+ gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test
+ /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1
+ rlRun "sleep 20"
+ rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out"
+
+ rlLog
"https://bugzilla.redhat.com/show_bug.cgi?id=1196278" + + #Cleanup + rlLog "Delete the terminated token token" + rlRun "curl --dump-header $header_067 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken067" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_067" + + rlRun "curl --dump-header $header_067 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken067" + rlAssertGrep "HTTP/1.1 200 OK" "$header_067" + rlAssertNotGrep "$cuid" "$TmpDir/showToken067" + + rlRun "cp $tps_conf_bak $tps_conf" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rlRun "rm -rf $tps_conf_bak" + + new_ldap_user=$(cat $TmpDir/ldapusers067.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ') + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-068: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, enroll the token - Add transition 3:4 - BZ 1196308" + local cuid="10000000000000000089" + header_068="$TmpDir/header068" + local tps_out="$TmpDir/admin_out_tpsenroll068" + rlRun "export SSL_DIR=$CERTDB_DIR" + + transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | 
cut -d= -f2) + + tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg" + tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak068" + rlRun "cp $tps_conf $tps_conf_bak" + sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,3:4/g" $tps_conf + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers068.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers068.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers068.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + new_ldap_user=$(cat $TmpDir/ldapusers068.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temp lost" + rlRun "curl --dump-header $header_068 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate068" + rlAssertGrep "HTTP/1.1 200 OK" "$header_068" + rlRun "curl --dump-header $header_068 \ + -E 
\"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate068" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_068" + rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate068" + + rlLog "Enroll the token for the same user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196308" + + rlLog "Enroll the token for a different user" + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + #Cleanup + rlLog "Delete the terminated token token" + rlRun "curl --dump-header $header_068 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken068" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_068" + + rlRun "curl --dump-header $header_068 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken068" + rlAssertGrep "HTTP/1.1 200 OK" "$header_068" + rlAssertNotGrep "$cuid" "$TmpDir/showToken068" + + rlRun "cp $tps_conf_bak $tps_conf" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rlRun "rm -rf $tps_conf_bak" + + rlRun "pki -d 
$CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-069: TPS operations.allowedTransitions - Mark the Enrolled token temp lost, temp token issued, temp lost token is perm lost, enroll the perm lost token - Add transition 2:4 - BZ 1196278" + local cuid="10000000000000000089" + local new_cuid="10000000000000000088" + header_069="$TmpDir/header069" + local tps_out="$TmpDir/admin_out_tpsenroll069" + rlRun "export SSL_DIR=$CERTDB_DIR" + transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2) + + tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg" + tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak069" + rlRun "cp $tps_conf $tps_conf_bak" + sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:4/g" $tps_conf + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + + passwd="redhat" + rlRun "create_dir_user $(eval echo 
\$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers069.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers069.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers069.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + new_ldap_user=$(cat $TmpDir/ldapusers069.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to temp lost" + rlRun "curl --dump-header $header_069 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST > $TmpDir/changestate069" + rlAssertGrep "HTTP/1.1 200 OK" "$header_069" + rlRun "curl --dump-header $header_069 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate069" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_069" + rlAssertGrep "<Status>TEMP_LOST</Status>" "$TmpDir/currentstate069" + + #Enroll a new token for the same user + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - 
Temp lost to perm lost" + rlRun "curl --dump-header $header_069 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=TEMP_LOST_PERM_LOST > $TmpDir/changestate069" + rlAssertGrep "HTTP/1.1 200 OK" "$header_069" + rlRun "curl --dump-header $header_069 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate069" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_069" + rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate069" + + rlLog "Enroll the token for the same user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + rlLog "Enroll the token for a different user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278" + + #Cleanup + + rlLog "Format the temp token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format069.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $new_cuid $ldap_user $passwd $TmpDir/format069.test + /usr/bin/tpsclient < $TmpDir/format069.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + rlLog "Delete the perm lost token token" + rlRun "curl 
--dump-header $header_069 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken069" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_069" + + rlRun "curl --dump-header $header_069 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken069" + rlAssertGrep "HTTP/1.1 200 OK" "$header_069" + rlAssertNotGrep "$cuid" "$TmpDir/showToken069" + + rlRun "cp $tps_conf_bak $tps_conf" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rlRun "rm -rf $tps_conf_bak" + + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $new_cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-070: TPS operations.allowedTransitions - Mark the Enrolled token physically damaged, enroll the token - Add transition 1:4 - BZ 1196278" + local cuid="10000000000000000089" + header_070="$TmpDir/header070" + local tps_out="$TmpDir/admin_out_tpsenroll070" + rlRun "export SSL_DIR=$CERTDB_DIR" + + transitions=$(cat /var/lib/pki/$(eval echo 
\$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2) + + tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg" + tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak070" + rlRun "cp $tps_conf $tps_conf_bak" + sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,1:4/g" $tps_conf + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers070.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers070.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers070.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + new_ldap_user=$(cat $TmpDir/ldapusers070.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to physically damaged" + rlRun "curl --dump-header $header_070 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=DAMAGED > $TmpDir/changestate070" + 
rlAssertGrep "HTTP/1.1 200 OK" "$header_070" + rlRun "curl --dump-header $header_070 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate070" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_070" + rlAssertGrep "<Status>DAMAGED</Status>" "$TmpDir/currentstate070" + + rlLog "Enroll the token for the same user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + rlLog "Enroll the token for a different user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278" + + #Cleanup + rlLog "Delete the damaged token" + rlRun "curl --dump-header $header_070 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken070" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_070" + + rlRun "curl --dump-header $header_070 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken070" + rlAssertGrep "HTTP/1.1 200 OK" "$header_070" + rlAssertNotGrep "$cuid" "$TmpDir/showToken070" + + rlRun "cp $tps_conf_bak $tps_conf" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo 
\$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rlRun "rm -rf $tps_conf_bak" + + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-071: TPS operations.allowedTransitions - Mark the Enrolled token permanently lost, enroll the token - Add transition 2:4 - BZ 1196278" + local cuid="10000000000000000089" + header_071="$TmpDir/header071" + local tps_out="$TmpDir/admin_out_tpsenroll071" + rlRun "export SSL_DIR=$CERTDB_DIR" + + transitions=$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2) + + tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg" + tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak071" + rlRun "cp $tps_conf $tps_conf_bak" + sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=$transitions,2:4/g" $tps_conf + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + + passwd="redhat" + rlRun "create_dir_user $(eval echo 
\$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers071.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers071.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers071.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + new_ldap_user=$(cat $TmpDir/ldapusers071.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + rlLog "Change the state of the token - Enrolled to physically damaged" + rlRun "curl --dump-header $header_071 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid?status=PERM_LOST > $TmpDir/changestate071" + rlAssertGrep "HTTP/1.1 200 OK" "$header_071" + rlRun "curl --dump-header $header_071 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/currentstate071" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_071" + rlAssertGrep "<Status>PERM_LOST</Status>" "$TmpDir/currentstate071" + + rlLog "Enroll the token for the same user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + rlLog 
"https://bugzilla.redhat.com/show_bug.cgi?id=1196278" + + rlLog "Enroll the token for a different user" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + #Cleanup + rlLog "Delete the damaged token" + rlRun "curl --dump-header $header_071 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken071" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_071" + + rlRun "curl --dump-header $header_071 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken071" + rlAssertGrep "HTTP/1.1 200 OK" "$header_071" + rlAssertNotGrep "$cuid" "$TmpDir/showToken071" + + rlRun "cp $tps_conf_bak $tps_conf" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rlRun "rm -rf $tps_conf_bak" + + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + 
rlPhaseStartTest "pki_tps_enrollments-072: Two Agent users approve the profile change at the same time" + header_073="$TmpDir/header073" + local tps_out="$TmpDir/admin_out_tpsenroll073" + local cuid="10000000000000000073" + rlRun "export SSL_DIR=$CERTDB_DIR" + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers073.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers073.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers073.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Check the status of userKey Profile is Enabled" + rlRun "curl --dump-header $header_073 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate073" + rlAssertGrep "HTTP/1.1 200 OK" "$header_073" + rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate073" + rlLog "Download userKey profile properties" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile073" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile073" 0 "Download user key profile to a file" + rlLog "Agent disables the profile userKey" + rlRun "curl --dump-header $header_073 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate073" + rlAssertGrep "HTTP/1.1 200 OK" "$header_073" + rlLog "Timestamp is 
$(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile." + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile073 + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile073 + rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval" + rlRun "curl --dump-header $header_073 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data @$TmpDir/userkey-profile073 \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize073" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_073" + rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize073" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Two Agent users approve and enable the profile" + + username="Valid_TPS_Agent" + rlRun "pki -d $CERTDB_DIR \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + user-add --fullName=\"$username\" $valid_agent1_cert" 0 "Add user $valid_agent1_cert to TPS" + rlRun "pki -d $CERTDB_DIR \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + group-member-add \"TPS Agents\" $valid_agent1_cert" \ + 0 \ + "Add user $valid_agent1_cert to TPS Agents" + local temp_file="$CERTDB_DIR/certrequest_001.xml" + rlRun "pki -d 
$CERTDB_DIR \ + -n \"$tmp_ca_admin\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t ca \ + -p $tmp_ca_port \ + cert-request-profile-show caUserCert --output $temp_file" \ + 0 \ + "Enrollment Template for Profile caUserCert" + rlRun "generate_PKCS10 \"$CERTDB_DIR\" \"$CERTDB_DIR_PASSWORD\" rsa 2048 \"$CERTDB_DIR/request_001.out\" \"CN=admin1V\" " 0 "generate PKCS10 certificate" + rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out" + rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out" + rlRun "dos2unix $CERTDB_DIR/request_001.out" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v 'pkcs10' $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $CERTDB_DIR/request_001.out)\" $temp_file" 0 "adding certificate request" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v $valid_agent1_cert $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v $valid_agent1_cert@example.com $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v $username $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v Engineering $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v Example $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v US $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v $valid_agent1_cert $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $valid_agent1_cert@example.com $temp_file" + rlRun "xmlstarlet ed -L -u 
\"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file" + + subsystem=ca + rlLog "Executing: pki cert-request-submit $temp_file" + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest.out" 0 "Executing pki cert-request-submit" + rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest.out" + rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest.out" + rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest.out" + rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest.out" + local request_id=`cat $CERTDB_DIR/certrequest.out | grep "Request ID:" | awk '{print $3}'` + rlLog "Request ID=$request_id" + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001.out" 0 "Executing pki cert-request-show $request_id" + rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001.out" + rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001.out" + rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001.out" + rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001.out" + + rlRun "pki -d $CERTDB_DIR \ + -n \"$tmp_ca_agent\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t ca \ + -p $tmp_ca_port \ + cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001.out" \ + 0 \ + "CA agent approve the cert" + rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001.out" + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ca-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $request_id" + rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001.out" + rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001.out" + rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001.out" + rlAssertGrep 
"Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_001.out" + local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'` + rlLog "Cerificate Serial Number=$certificate_serial_number" + + #Verify the certificate is valid + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001.out" 0 "Executing pki cert-show $certificate_serial_number" + rlAssertGrep "Subject: UID=$valid_agent1_cert,E=$valid_agent1_cert@example.com,CN=$username,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001.out" + rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001.out" + + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001.out > $CERTDB_DIR/validcert_001.pem" + rlRun "certutil -d $CERTDB_DIR -A -n $valid_agent1_cert -i $CERTDB_DIR/validcert_001.pem -t "u,u,u"" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + user-cert-add $valid_agent1_cert --input $CERTDB_DIR/validcert_001.pem > $CERTDB_DIR/useraddcert_001.out" \ + 0 \ + "Cert is added to the user $valid_agent1_cert" + + echo "$valid_agent1_cert" > $TmpDir/commands073 + echo "$valid_agent_cert" >> $TmpDir/commands073 + rlRun "sleep 5" + rlRun "cat $TmpDir/commands073 | xargs -n2 -I % curl --dump-header $header_073 -E \"%:$CERTDB_DIR_PASSWORD\" -X POST -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/xargs-result073" 0 "Two agents approves the profile change" + rlAssertGrep "Enabled" "$TmpDir/xargs-result073" + rlAssertGrep "Invalid action: approve" "$TmpDir/xargs-result073" + rlRun "sleep 10" + rlLog "Enroll a token" + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0073.test" + gen_enroll_data_file 
$tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0073.test + /usr/bin/tpsclient < $TmpDir/enroll0073.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + + #Revert the changes + + rlRun "curl --dump-header $header_073 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate073" + rlAssertGrep "HTTP/1.1 200 OK" "$header_073" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile." + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile073 + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile073 + rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval" + rlRun "curl --dump-header $header_073 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data @$TmpDir/userkey-profile073 \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize073" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_073" + rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize073" + + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Approve as an agent user" + rlRun "curl --dump-header $header_073 \ + -E 
\"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate073" + rlAssertGrep "HTTP/1.1 200 OK" "$header_073" + + rlLog "Format a token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format073.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format073.test + /usr/bin/tpsclient < $TmpDir/format073.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + rlRun "pki -d $CERTDB_DIR \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + user-del $valid_agent1_cert" 0 "Delete user $valid_agent1_cert" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-073: Two Admin users edit the same params at the same time" + header_074="$TmpDir/header074" + local tps_out="$TmpDir/admin_out_tpsenroll074" + local cuid="10000000000000000074" + rlRun "export SSL_DIR=$CERTDB_DIR" + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 1 > $TmpDir/ldapusers074.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers074.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers074.ldif | grep 
-x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Check the status of userKey Profile is Enabled" + rlRun "curl --dump-header $header_074 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/currentstate074" + rlAssertGrep "HTTP/1.1 200 OK" "$header_074" + rlAssertGrep "<Status>Enabled</Status>" "$TmpDir/currentstate074" + rlLog "Download userKey profile properties" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile074" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_cert -h $tmp_tps_host -p $target_unsecure_port tps-profile-show userKey --output $TmpDir/userkey-profile074" 0 "Download user key profile to a file" + rlLog "Agent disables the profile userKey" + rlRun "curl --dump-header $header_074 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate074" + rlAssertGrep "HTTP/1.1 200 OK" "$header_074" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile." 
+ sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/g" $TmpDir/userkey-profile074 + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/g" $TmpDir/userkey-profile074 + rlLog "Edit userKey profile - by two admin users" + + username="Valid_TPS_Admin" + rlRun "pki -d $CERTDB_DIR \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + user-add --fullName=\"$username\" $valid_admin1_cert" 0 "Add user $valid_admin1_cert to TPS" + rlRun "pki -d $CERTDB_DIR \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + group-member-add \"Administrators\" $valid_admin1_cert" \ + 0 \ + "Add user $valid_admin1_cert to Administrators" + local temp_file="$CERTDB_DIR/certrequest_001.xml" + rlRun "pki -d $CERTDB_DIR \ + -n \"$tmp_ca_admin\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t ca \ + -p $tmp_ca_port \ + cert-request-profile-show caUserCert --output $temp_file" \ + 0 \ + "Enrollment Template for Profile caUserCert" + rlRun "generate_PKCS10 \"$CERTDB_DIR\" \"$CERTDB_DIR_PASSWORD\" rsa 2048 \"$CERTDB_DIR/request_001.out\" \"CN=admin1V\" " 0 "generate PKCS10 certificate" + rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out" + rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_001.out" + rlRun "dos2unix $CERTDB_DIR/request_001.out" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v 'pkcs10' $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $CERTDB_DIR/request_001.out)\" $temp_file" 0 "adding certificate request" + rlRun "xmlstarlet ed -L -u 
\"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v $valid_admin1_cert $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v $valid_admin1_cert@example.com $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v $username $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v Engineering $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v Example $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v US $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v $valid_admin1_cert $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $valid_admin1_cert@example.com $temp_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file" + subsystem=ca + rlLog "Executing: pki cert-request-submit $temp_file" + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest.out" 0 "Executing pki cert-request-submit" + rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest.out" + rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest.out" + rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest.out" + rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest.out" + local request_id=`cat $CERTDB_DIR/certrequest.out | grep "Request ID:" | awk '{print $3}'` + rlLog "Request ID=$request_id" + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001.out" 0 "Executing pki cert-request-show $request_id" + rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001.out" + rlAssertGrep 
"Type: enrollment" "$CERTDB_DIR/certrequestshow_001.out" + rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001.out" + rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001.out" + + rlRun "pki -d $CERTDB_DIR \ + -n \"$tmp_ca_agent\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t ca \ + -p $tmp_ca_port \ + cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001.out" \ + 0 \ + "CA agent approve the cert" + rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001.out" + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ca-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $request_id" + rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001.out" + rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001.out" + rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001.out" + rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_001.out" + local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'` + rlLog "Cerificate Serial Number=$certificate_serial_number" + + #Verify the certificate is valid + rlRun "pki -p $tmp_ca_port -h $tmp_tps_host ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001.out" 0 "Executing pki cert-show $certificate_serial_number" + rlAssertGrep "Subject: UID=$valid_admin1_cert,E=$valid_admin1_cert@example.com,CN=$username,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001.out" + rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001.out" + + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001.out > $CERTDB_DIR/validcert_001.pem" + rlRun "certutil -d $CERTDB_DIR -A -n $valid_admin1_cert -i $CERTDB_DIR/validcert_001.pem -t "u,u,u"" + rlRun "pki -d 
$CERTDB_DIR/ \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + user-cert-add $valid_admin1_cert --input $CERTDB_DIR/validcert_001.pem > $CERTDB_DIR/useraddcert_001.out" \ + 0 \ + "Cert is added to the user $valid_admin1_cert" + + + echo "$valid_admin1_cert" > $TmpDir/commands074 + echo "$valid_admin_cert" >> $TmpDir/commands074 + rlRun "sleep 5" + rlRun "cat $TmpDir/commands074 | xargs -n2 -I % curl --dump-header $header_074 -E \"%:$CERTDB_DIR_PASSWORD\" -H \"Content-Type: application/xml\" -X PATCH --data @$TmpDir/userkey-profile074 -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/xargs-result074" 0 "Two admin users edit the profile" + rlAssertGrep "Unable to update profile userKey" "$TmpDir/xargs-result074" + rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048" "$TmpDir/xargs-result074" + rlAssertGrep "<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048" "$TmpDir/xargs-result074" + rlAssertGrep "Pending_Approval" "$TmpDir/xargs-result074" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Agent approves the profile userKey" + rlRun "curl --dump-header $header_074 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate074" + rlAssertGrep "HTTP/1.1 200 OK" "$header_074" + rlAssertGrep "Enabled" "$TmpDir/changestate074" + rlRun "sleep 10" + rlLog "Enroll a token" + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0074.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0074.test + /usr/bin/tpsclient < $TmpDir/enroll0074.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 
'ra_enroll' Success" "$tps_out" + + #Revert the changes + + rlRun "curl --dump-header $header_074 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=disable > $TmpDir/changestate074" + rlAssertGrep "HTTP/1.1 200 OK" "$header_074" + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Edit the userKey Profile xml file by changing the encryption key and signing key keySize and update the profile." + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.encryption.keySize\">1024/g" $TmpDir/userkey-profile074 + sed -i -e "s/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">2048/<Property name=\"op.enroll.userKey.keyGen.signing.keySize\">1024/g" $TmpDir/userkey-profile074 + rlLog "Edit userKey profile - key size of encryption key 1024-2048 and the verify the state of the profile is pending approval" + rlRun "curl --dump-header $header_074 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -H \"Content-Type: application/xml\" \ + -X PATCH \ + --data @$TmpDir/userkey-profile074 \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey > $TmpDir/changekeysize074" + rlRun "sleep 5" + rlAssertGrep "HTTP/1.1 200 OK" "$header_074" + rlAssertGrep "<Status>Pending_Approval</Status>" "$TmpDir/changekeysize074" + + rlLog "Timestamp is $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep config.Profiles.userKey.timestamp | cut -d= -f2)" + rlLog "Approve as an agent user" + rlRun "curl --dump-header $header_074 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -X POST \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/profiles/userKey?action=approve > $TmpDir/changestate074" + rlAssertGrep "HTTP/1.1 200 OK" "$header_074" + + rlLog 
"Format a token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format074.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format074.test + /usr/bin/tpsclient < $TmpDir/format074.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + rlRun "pki -d $CERTDB_DIR \ + -n \"$valid_admin_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -t tps \ + -p $target_unsecure_port \ + user-del $valid_admin1_cert" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_enrollments-074: TPS operations.allowedTransitions - random junk value - BZ 1196278" + local cuid="10000000000000000088" + header_072="$TmpDir/header072" + local tps_out="$TmpDir/admin_out_tpsenroll0072" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlRun "curl --dump-header $header_072 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken072" + rlAssertGrep "HTTP/1.1 200 OK" "$header_072" + foundcuid=$(cat $TmpDir/showToken072 | grep $cuid) + if [ -n "$foundcuid" ]; then + rlLog "Delete the token" + rlRun "curl --dump-header $header_072 \ + -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -X DELETE \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens/$cuid > $TmpDir/deleteToken072" + rlAssertGrep "HTTP/1.1 204 No Content" "$header_072" + rlRun "curl --dump-header $header_072 \ + 
-E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \ + -k https://$tmp_tps_host:$target_secure_port/tps/rest/tokens > $TmpDir/showToken072" + rlAssertGrep "HTTP/1.1 200 OK" "$header_072" + rlAssertNotGrep "$cuid" "$TmpDir/showToken072" + fi + + tps_conf="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg" + tps_conf_bak="/var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg.bak072" + rlRun "cp $tps_conf $tps_conf_bak" + sed -i -e "s/^tps.operations.allowedTransitions=.*/tps.operations.allowedTransitions=junk\$^@123&/g" $tps_conf + rlLog "TPS transitions: $(cat /var/lib/pki/$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME)/tps/conf/CS.cfg | grep ^tps.operations.allowedTransitions | cut -d= -f2)" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + + passwd="redhat" + rlRun "create_dir_user $(eval echo \$${TPS_INST}_DB_SUFFIX) 2 > $TmpDir/ldapusers072.ldif" + rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -f $TmpDir/ldapusers072.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment" + ldap_user=$(cat $TmpDir/ldapusers072.ldif | grep -x "uid: idmuser1" | cut -d ':' -f2 | tr -d ' ') + new_ldap_user=$(cat $TmpDir/ldapusers072.ldif | grep -x "uid: idmuser2" | cut -d ':' -f2 | tr -d ' ') + + rlLog "Format an uninitialized token" + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test + /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + rlLog "Format a formatted token" + + /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Failure" 
"$tps_out" + + rlLog "Enroll a formatted token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0089.test + /usr/bin/tpsclient < $TmpDir/enroll0089.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Failure" "$tps_out" + + cuid="10000000000000000090" + + rlLog "Enroll an uninitialized token" + + rlLog "gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/enroll0090.test" + gen_enroll_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/enroll0090.test + /usr/bin/tpsclient < $TmpDir/enroll0090.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_enroll' Success" "$tps_out" + rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1196278" + + #Cleanup + rlLog "gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $new_ldap_user $passwd $TmpDir/format072.test" + gen_format_data_file $tmp_tps_host $target_unsecure_port $cuid $ldap_user $passwd $TmpDir/format072.test + /usr/bin/tpsclient < $TmpDir/format072.test > $tps_out 2>&1 + rlRun "sleep 20" + rlAssertGrep "Operation 'ra_format' Success" "$tps_out" + + rlRun "cp $tps_conf_bak $tps_conf" + rhcs_stop_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + + rhcs_start_instance $(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) + rlRun "rm -rf $tps_conf_bak" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_admin_user -h $tmp_tps_host -p $target_unsecure_port tps-token-del $cuid" 0 "Delete token" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"uid=$new_ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD 
\"uid=$ldap_user,ou=People,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlRun "ldapdelete -x -h $tmp_tps_host -p $(eval echo \$${TPS_INST}_LDAP_PORT) -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD \"cn=idmusers,ou=Groups,$(eval echo \$${TPS_INST}_DB_SUFFIX)\"" + rlPhaseEnd + + + rlPhaseStartSetup "pki_console_acl-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh index 69b3f5097..482b81b5f 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh @@ -38,6 +38,7 @@ . /usr/bin/rhts-environment.sh . /usr/share/beakerlib/beakerlib.sh . /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh . /opt/rhqa_pki/rhcs-install-shared.sh . /opt/rhqa_pki/env.sh @@ -207,7 +208,7 @@ rhcs_install_kra() { #Install and configure RHDS instance rlLog "Creating LDAP server Instance to configure KRA" - rlRun "rhds_install $(eval echo \$KRA${number}_LDAP_PORT) $(eval echo \$KRA${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$KRA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for KRA install" 0 "Install LDAP Instance" + rlRun "rhds_install $(eval echo \$KRA${number}_LDAP_PORT) $(eval echo \$KRA${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$KRA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for KRA install" #Install KRA rlLog "Creating KRA Instance" 
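Review bot: `$LDAP_ROOTDNPWD` is still passed unquoted in the new `rlRun "rhds_install …"` line of the rhcs_install_kra hunk, while `$LDAP_ROOTDN` next to it is wrapped in `\"…\"`; a directory-manager password containing whitespace or shell metacharacters would be split or re-interpreted when rlRun evaluates the string, and the expanded command, password included, may end up in the test journal. Quoting it the same way, `\"$LDAP_ROOTDNPWD\"`, fixes the parsing half; keeping the secret out of the logged command would need rhds_install to read it from the environment, which is outside this hunk. The same line repeats in the rhcs_install_ocsp and rhcs_install_tks hunks that follow. The `$(eval echo \$KRA${number}_LDAP_PORT)` lookups could also use bash indirect expansion (`v="KRA${number}_LDAP_PORT"` then `${!v}`) so that `number` is never re-evaluated as code. The function bodies start and end outside these hunks.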
@@ -343,7 +344,7 @@ rhcs_install_ocsp() { local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER) #Install and configure RHDS instance rlLog "Creating LDAP server Instance to configure OCSP" - rlRun "rhds_install $(eval echo \$OCSP${number}_LDAP_PORT) $(eval echo \$OCSP${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$OCSP${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for OCSP install" 0 "Install LDAP Instance" + rlRun "rhds_install $(eval echo \$OCSP${number}_LDAP_PORT) $(eval echo \$OCSP${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$OCSP${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for OCSP install" #Install OCSP rlLog "Creating OCSP Instance" 
@@ -460,19 +461,19 @@ rhcs_install_ocsp() { rhcs_install_tks() { rlPhaseStartTest "rhcs_install_tks - Install RHCS TKS Server" rlLog "$FUNCNAME" - local INSTANCECFG="/tmp/tks_instance.inf" - local INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out" - local SUBSYSTEM_NAME=$(echo TKS${number}) - rhcs_install_prep_disableFirewall - #Install and configure RHDS instance - rlLog "Creating LDAP server Instance to configure TKS" - rlRun "rhds_install $(eval echo \$TKS${number}_LDAP_PORT) $(eval echo \$TKS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TKS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TKS install" 0 "Install LDAP Instance" local number=$1 local master_hostname=$2 local CA=$3 local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-) local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER) local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT) + local INSTANCECFG="/tmp/tks_instance.inf" + local INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out" + local SUBSYSTEM_NAME=$(echo TKS${number}) + rhcs_install_prep_disableFirewall + #Install and configure RHDS instance + rlLog "Creating LDAP server Instance to configure TKS" + rlRun "rhds_install $(eval echo \$TKS${number}_LDAP_PORT) $(eval echo \$TKS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TKS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TKS install" #Install TKS rlLog "Creating TKS Instance" rlLog "Setting up Dogtag TKS instance ............." 
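Review bot: `INSTANCECFG="/tmp/tks_instance.inf"` and `INSTANCE_CREATE_OUT="/tmp/tks_instance_create.out"` are fixed, predictable names in a world-writable directory, so the file gets default-umask permissions and a pre-existing file or symlink at that path would be followed when it is written. The rhcs_install_tps hunk added later in this diff uses the same pattern and visibly writes `pki_token_password` and `pki_admin_password` into its config file; the TKS file is presumably filled the same way outside this hunk. Declaring `local INSTANCECFG` and then assigning `INSTANCECFG=$(mktemp)` gives a 0600 file with an unpredictable name, which should be removed once the installer has consumed it. As a style point, `local SUBSYSTEM_NAME=$(echo TKS${number})` can simply be `local SUBSYSTEM_NAME="TKS${number}"`. The body of rhcs_install_tks continues outside the hunk.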
@@ -569,7 +570,7 @@ rhcs_install_tks() { rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" exp_message5="The URL for the subsystem is:" rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" - exp_message5_1="https://$(hostname):$(eval echo \$${CA}_SECURE_PORT)/tks" + exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tks" rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" # echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh mkdir -p $CLIENT_PKCS12_DIR 
@@ -577,7 +578,137 @@ rhcs_install_tks() { rlPhaseEnd } +########################################################### +# TPS INSTALL TESTS # +########################################################### +rhcs_install_tps() { + rlPhaseStartTest "rhcs_install_tps - Install RHCS TPS Server" + rlLog "$FUNCNAME" + local number=$1 + local master_hostname=$2 + local CA=$3 + local KRA=$4 + local TKS=$5 + local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-) + local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER) + local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT) + local INSTANCECFG="/tmp/tps_instance.inf" + local INSTANCE_CREATE_OUT="/tmp/tps_instance_create.out" + local SUBSYSTEM_NAME=$(echo TPS${number}) + rhcs_install_prep_disableFirewall + #Install and configure RHDS instance + rlLog "Creating LDAP server Instance to configure TPS" + rlRun "rhds_install $(eval echo \$TPS${number}_LDAP_PORT) $(eval echo \$TPS${number}_LDAP_INSTANCE_NAME) \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $(eval echo \$TPS${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for TPS install" + #Install TPS + rlLog "Creating TPS Instance" + rlLog "Setting up Dogtag TPS instance ............." 
+ echo "[DEFAULT]" > $INSTANCECFG
+ echo "pki_instance_name=$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_https_port=$(eval echo \$TPS${number}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_http_port=$(eval echo \$TPS${number}_UNSECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ajp_port=$(eval echo \$TPS${number}_AJP_PORT)" >> $INSTANCECFG
+ echo "pki_tomcat_server_port=$(eval echo \$TPS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG
+ echo "pki_user=$USER" >> $INSTANCECFG
+ echo "pki_group=$GROUP" >> $INSTANCECFG
+ echo "pki_audit_group=$GROUP_AUDIT" >> $INSTANCECFG
+ echo "pki_token_name=$ROOTCA_TOKEN_NAME" >> $INSTANCECFG
+ echo "pki_token_password=$ROOTCA_TOKEN_PASSWORD" >> $INSTANCECFG
+ echo "pki_client_pkcs12_password=$(eval echo \$TPS${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG
+ echo "pki_admin_password=$(eval echo \$TPS${number}_ADMIN_PASSWORD)" >> $INSTANCECFG
+
+ echo "[TPS]" >> $INSTANCECFG
+
+ echo "pki_subsytem_key_type=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_subsystem_key_size=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_subsystem_key_algorithm=$(eval echo \$TPS${number}_SUBSYSTEM_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_subsystem_signing_algorithm=$(eval echo \$TPS${number}_SUBSYSTEM_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_subsystem_token=$(eval echo \$TPS${number}_SUBSYSTEM_TOKEN )" >> $INSTANCECFG
+ echo "pki_subsystem_nickname=$(eval echo \$TPS${number}_SUBSYSTEM_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_subsystem_subject_dn=$(eval echo \$TPS${number}_SUBSYSTEM_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_type=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_size=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_audit_signing_key_algorithm=$(eval echo \$TPS${number}_AUDIT_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_audit_signing_signing_algorithm=$(eval echo \$TPS${number}_AUDIT_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_audit_signing_token=$(eval echo \$TPS${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG
+ echo "pki_audit_signing_nickname=$(eval echo \$TPS${number}_AUDIT_SIGNING_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_audit_signing_subject_dn=$(eval echo \$TPS${number}_AUDIT_SIGNING_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_type=$(eval echo \$TPS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_size=$(eval echo \$TPS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_ssl_server_key_algorithm=$(eval echo \$TPS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_signing_algorithm=$(eval echo \$TPS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG
+ echo "pki_ssl_server_token=$(eval echo \$TPS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG
+ echo "pki_ssl_server_nickname=$(eval echo \$TPS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG
+ echo "pki_ssl_server_subject_dn=$(eval echo \$TPS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG
+
+ echo "pki_admin_name=$(eval echo \$TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_uid=$(eval echo \$TPS${number}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_admin_email=$(eval echo \$TPS${number}_ADMIN_EMAIL)" >> $INSTANCECFG
+ echo "pki_admin_dualkey=$(eval echo \$TPS${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG
+ echo "pki_admin_key_size=$(eval echo \$TPS${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG
+ echo "pki_admin_key_type=$(eval echo \$TPS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG
+ echo "pki_admin_subject_dn=$(eval echo \$TPS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG
+ echo "pki_admin_nickname=$(eval echo \$TPS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG
+ echo "pki_import_admin_cert=$IMPORT_ADMIN_CERT_NONCA" >> $INSTANCECFG
+ echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG
+ echo "pki_client_admin_cert_p12=$CLIENT_DIR/$(eval echo \$TPS${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG
+ echo "pki_issuing_ca_hostname=$master_hostname" >> $INSTANCECFG
+ echo "pki_issuing_ca_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_issuing_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_ca_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_enable_server_side_keygen=$(eval echo \$TPS${number}_SERVER_KEYGEN)" >> $INSTANCECFG
+ echo "pki_kra_uri=https://$master_hostname:$(eval echo \$${KRA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_tks_uri=https://$master_hostname:$(eval echo \$${TKS}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_authdb_hostname=$(eval echo \$TPS${number}_AUTHDB_HOST)" >> $INSTANCECFG
+ echo "pki_authdb_port=$(eval echo \$TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_authdb_basedn=$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+ echo "pki_backup_keys=$(eval echo \$${CA}_BACKUP)" >> $INSTANCECFG
+ echo "pki_backup_password=$(eval echo \$TPS${number}_BACKUP_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_database_dir=$(eval echo \$${CA}_CERTDB_DIR)" >> $INSTANCECFG
+ echo "pki_client_database_password=$(eval echo \$${CA}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG
+ echo "pki_client_database_purge=$CLIENT_DB_PURGE" >> $INSTANCECFG
+ echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG
+ echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG
+ echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG
+ echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG
+ echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG
+ echo "pki_ds_hostname=$LDAP_HOSTNAME" >> $INSTANCECFG
+ echo "pki_ds_ldap_port=$(eval echo \$TPS${number}_LDAP_PORT)" >> $INSTANCECFG
+ echo "pki_ds_bind_dn=$LDAP_ROOTDN" >> $INSTANCECFG
+ echo "pki_ds_password=$LDAP_ROOTDNPWD" >> $INSTANCECFG
+ echo "pki_ds_secure_connection=$SECURE_CONN" >> $INSTANCECFG
+ echo "pki_ds_remove_data=$REMOVE_DATA" >> $INSTANCECFG
+ echo "pki_ds_base_dn =$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG
+ echo "pki_ds_database=$(eval echo \$TPS${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG
+ echo "pki_restart_configured_instance=$RESTART_INSTANCE" >> $INSTANCECFG
+ echo "pki_skip_configuration=$SKIP_CONFIG" >> $INSTANCECFG
+ echo "pki_skip_installation=$SKIP_INSTALL" >> $INSTANCECFG
+ echo "pki_enable_access_log=$ENABLE_ACCESS_LOG" >> $INSTANCECFG
+ echo "pki_enable_java_debugger=$ENABLE_JAVA_DEBUG" >> $INSTANCECFG
+ echo "pki_security_manager=$SECURITY_MANAGER" >> $INSTANCECFG
+ cat $INSTANCECFG
+ rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v "
+ rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1"
+ cat $INSTANCE_CREATE_OUT
+ exp_message1="Administrator's username: $(eval echo \$TPS${number}_ADMIN_USER)"
+ rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
+ exp_message3_1="To check the status of the subsystem:"
+ rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT"
+ exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT"
+ exp_message4_1="To restart the subsystem:"
+ rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT"
+ exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT"
+ exp_message5="The URL for the subsystem is:"
+ rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT"
+ exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tps"
+ rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT"
+ # echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh
+ mkdir -p $CLIENT_PKCS12_DIR
+ mv /var/lib/pki/$(eval echo 
\$TPS${number}_TOMCAT_INSTANCE_NAME)/alias/tps_backup_keys.p12 $CLIENT_PKCS12_DIR + rlPhaseEnd +} rhcs_install_prep_disableFirewall() { @@ -604,7 +735,8 @@ rhcs_install_cloneCA() #Install and configure RHDS instance rlLog "Creating LDAP server Instance" rhcs_install_set_ldap_vars - rlRun "rhds_install $(eval echo \$CLONE_CA${number}_LDAP_PORT) $(eval echo \$CLONE_CA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${CA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance" + rlRun "mkdir /tmp/dummydir" + rlRun "rhds_install $(eval echo \$CLONE_CA${number}_LDAP_PORT) $(eval echo \$CLONE_CA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${CA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" #Install CA rlLog "Creating CLONE CA Instance" @@ -631,6 +763,8 @@ rhcs_install_cloneCA() echo "pki_clone_repicate_schema=$REPLICATE_SCHEMA" >> $INSTANCECFG echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG + echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG echo "[CA]" >> $INSTANCECFG 
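Review bot: `rhcs_install_tps` writes the token, PKCS#12, admin, backup, client-database, security-domain and directory-server passwords into the fixed path `/tmp/tps_instance.inf` under the default umask and then runs `cat $INSTANCECFG`, so the secrets sit in a predictable, possibly world-readable file and are copied into the test log. Creating the file with `INSTANCECFG=$(mktemp /tmp/tps_instance.XXXXXX)` (mktemp creates it mode 0600) and dropping the `cat`, or filtering the `*_password` lines out of it, would avoid both. Separately, the URL assertion reads the TKS port where the TPS port is meant; it should be `exp_message5_1="https://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/tps"`, the same slip the preceding hunk corrects for TKS. The key `pki_subsytem_key_type` is also missing an `s`, so the configured key type is presumably not picked up by pkispawn.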
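Review bot: `rlRun "mkdir /tmp/dummydir"` puts the NSS client database directory at a fixed name in world-writable /tmp, so its ownership and contents are not guaranteed to be the test's own, and a second run fails because plain `mkdir` returns non-zero when the directory already exists. A private directory from `mktemp -d`, stored in a shared variable and written as `pki_client_database_dir=$CLIENT_DB_DIR` (name constructed here), would be created mode 0700 and be unique per run. The same literal path is written to the instance file in the next hunk and in the cloneKRA, cloneTKS and cloneTPS hunks, none of which create it, so they appear to depend on cloneCA having run first. rhcs_install_cloneCA starts and ends outside this hunk.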
@@ -709,7 +843,7 @@ rhcs_install_SubCA(){ local SUBCA${number}_DOMAIN=`hostname -d` rlLog "Creating LDAP server Instance" rhcs_install_set_ldap_vars - rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance" + rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" #Install eval echo $(eval echo $SUBCA${number} INSTANCE rlLog "Setting up Dogtag SUBCA instance ............." echo "[DEFAULT]" > $INSTANCECFG @@ -734,9 +868,9 @@ rhcs_install_SubCA(){ echo "[CA]" >> $INSTANCECFG - echo "pki_subordinate=True" >> $INSTANCECFG - echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG - echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_subordinate=True" >> $INSTANCECFG + echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_issuing_ca=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG echo "pki_admin_email=$(eval echo \$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG 
@@ -851,7 +985,7 @@ rhcs_install_cloneKRA(){ #Install and configure RHDS instance rlLog "Creating LDAP server Instance" rhcs_install_set_ldap_vars - rlRun "rhds_install $(eval echo \$CLONE_KRA${number}_LDAP_PORT) $(eval echo \$CLONE_KRA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_KRA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance" + rlRun "rhds_install $(eval echo \$CLONE_KRA${number}_LDAP_PORT) $(eval echo \$CLONE_KRA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_KRA}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" #Install KRA CLONE rlLog "Creating CLONE KRA Instance" @@ -879,6 +1013,8 @@ rhcs_install_cloneKRA(){ echo "pki_clone_replication_clone_port=$(eval echo \$CLONE_KRA${number}_LDAP_PORT)" >> $INSTANCECFG echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG + echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG + echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG echo "[KRA]" >> $INSTANCECFG @@ -939,7 +1075,7 @@ rhcs_install_cloneKRA(){ rhcs_install_cloneOCSP(){ - rlPhaseStartTest "rhcs_install_CLONEOCSP_only - Install RHCS CLONE OCSP SERVER" + rlPhaseStartTest "rhcs_install_CLONEOCSP_only - Install RHCS CLONE OCSP SERVER - Ticket 1058" local INSTANCECFG="/tmp/cloneocsp_instance.inf" local INSTANCE_CREATE_OUT="/tmp/cloneocsp_instance_create.out" rlLog "$FUNCNAME" 
@@ -954,7 +1090,8 @@ rhcs_install_cloneOCSP(){ #Install and configure RHDS instance rlLog "Creating LDAP server Instance" rhcs_install_set_ldap_vars - rlRun "rhds_install $(eval echo \$CLONE_OCSP${number}_LDAP_PORT) $(eval echo \$CLONE_OCSP${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_OCSP}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" 0 "Install LDAP Instance" + rlLog "$SUBSYSTEM_NAME" + rlRun "rhds_install $(eval echo \$CLONE_OCSP${number}_LDAP_PORT) $(eval echo \$CLONE_OCSP${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $(eval echo \$${MASTER_OCSP}_DB_SUFFIX) $SUBSYSTEM_NAME > /tmp/ocspclone.out 2>&1" 0 "Installing RHDS instance for CLONE CA install" #Install OCSP CLONE rlLog "Creating CLONE OCSP Instance" @@ -981,6 +1118,8 @@ rhcs_install_cloneOCSP(){ echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG echo "pki_issuing_ca=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG + #echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG + #echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG echo "[OCSP]" >> $INSTANCECFG @@ -1036,13 +1175,11 @@ rhcs_install_cloneOCSP(){ exp_message5_1="https://$BEAKERCLONE:$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)/ocsp" rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" #echo "export OCSP_SERVER_ROOT=/var/lib/pki/$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME)/ocsp" >> /opt/rhqa_pki/env.sh + rlLog "https://fedorahosted.org/pki/ticket/1058" rlPhaseEnd } - - - rhcs_install_cloneTKS(){ rlPhaseStartTest "rhcs_install_clonetks_only - Install RHCS CLONE TKS Server BZ1165864" 
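Review bot: The `rhds_install` call in rhcs_install_cloneOCSP now redirects its output to the fixed path `/tmp/ocspclone.out`, and nothing in the visible hunks reads that file afterwards, so a failed directory-server setup no longer shows up in the test log and the capture lands at a predictable name in a world-writable directory. If the capture is needed for ticket 1058, writing it to a `mktemp` path and logging it afterwards (as the installers do with `cat $INSTANCE_CREATE_OUT`) keeps the diagnostics; otherwise the redirect and the added `rlLog "$SUBSYSTEM_NAME"` look like leftover debugging and can go. The function begins and ends outside this hunk.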
@@ -1060,7 +1197,7 @@ rhcs_install_cloneTKS(){ #Install and configure RHDS instance rlLog "Creating LDAP server Instance" rhcs_install_set_ldap_vars - rlRun "rhds_install $(eval echo \$CLONE_TKS${number}_LDAP_PORT) $(eval echo \$CLONE_TKS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TKS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TKS install" 0 "Install LDAP Instance" + rlRun "rhds_install $(eval echo \$CLONE_TKS${number}_LDAP_PORT) $(eval echo \$CLONE_TKS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TKS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TKS install" #Install CLONE TKS rlLog "Creating CLONE TKS Instance" @@ -1094,6 +1231,8 @@ rhcs_install_cloneTKS(){ echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG + echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG + echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG echo "[TKS]" >> $INSTANCECFG 
@@ -1140,6 +1279,382 @@ rhcs_install_cloneTKS(){ rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)/tks" rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" + rlPhaseEnd +} + +rhcs_install_cloneTPS(){ + + rlPhaseStartTest "rhcs_install_clonetps_only - Install RHCS CLONE TPS Server BZ1190184" + rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1190184" + local INSTANCECFG="/tmp/clonetps_instance.inf" + local INSTANCE_CREATE_OUT="/tmp/clonetps_instance_create.out" + rlLog "$FUNCNAME" + local DOMAIN='hostname -d' + rhcs_install_prep_disableFirewall + local number=$1 + local master_hostname=$2 + local CA=$3 + local KRA=$4 + local TKS=$5 + local SUBSYSTEM_NAME=$(echo CloneTPS${number}) + local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-) + #Install and configure RHDS instance + rlLog "Creating LDAP server Instance" + rhcs_install_set_ldap_vars + rlRun "rhds_install $(eval echo \$CLONE_TPS${number}_LDAP_PORT) $(eval echo \$CLONE_TPS${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$CLONE${number}_LDAP_ROOTDN)\" $(eval echo \$CLONE${number}_LDAP_ROOTDNPWD) $TPS1_DB_SUFFIX $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE TPS install" + + #Install CLONE TPS + rlLog "Creating CLONE TPS Instance" + rlLog "Setting up Dogtag TPS CLONE Instance" + echo "[DEFAULT]" > $INSTANCECFG + echo "pki_instance_name=$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG + echo "pki_https_port=$(eval echo \$CLONE_TPS${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_http_port=$(eval echo \$CLONE_TPS${number}_UNSECURE_PORT)" >> $INSTANCECFG + echo "pki_ajp_port=$(eval echo \$CLONE_TPS${number}_AJP_PORT)" >> $INSTANCECFG + echo "pki_tomcat_server_port=$(eval echo \$CLONE_TPS${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG + echo "pki_user=$(eval echo \$CLONE${number}_USER)" >> $INSTANCECFG + echo "pki_group=$(eval echo \$CLONE${number}_GROUP)" >> $INSTANCECFG + echo 
"pki_audit_group=$(eval echo \$CLONE${number}_GROUP_AUDIT)" >> $INSTANCECFG + echo "pki_token_name=$(eval echo \$CLONE_CA${number}_TOKEN_NAME)" >> $INSTANCECFG + echo "pki_token_password=$(eval echo \$CLONE_CA${number}_TOKEN_PASSWORD)" >> $INSTANCECFG + echo "pki_client_pkcs12_password=$(eval echo \$CLONE_CA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG + echo "pki_issuing_ca=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_clone=True" >> $INSTANCECFG + echo "pki_clone_pkcs12_password=$TPS1_CLIENT_PKCS12_PASSWORD" >> $INSTANCECFG + echo "pki_clone_pkcs12_path=$CLIENT_PKCS12_DIR/tks_backup_keys.p12" >> $INSTANCECFG + echo "pki_clone_replication_master_port=$TPS1_LDAP_PORT" >> $INSTANCECFG + echo "pki_clone_replication_clone_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG + echo "pki_clone_repicate_schema=$REPLICATE_SCHEMA" >> $INSTANCECFG + echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG + echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG + echo "pki_ds_password=$(eval echo \$CLONE${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG + echo "pki_admin_password=$(eval echo \$CLONE_TPS${number}_ADMIN_PASSWORD)" >> $INSTANCECFG + echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG + echo "pki_security_domain_https_port=$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_security_domain_user=$(eval echo \$${CA}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_security_domain_password=$(eval echo \$${CA}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG + echo "pki_security_domain_name=$DOMAIN" >> $INSTANCECFG + echo "pki_client_database_dir=/tmp/dummydir" >> $INSTANCECFG + echo "pki_client_database_password=$ROOTCA_CERTDB_DIR_PASSWORD" >> $INSTANCECFG + + echo "[TPS]" >> $INSTANCECFG + echo "pki_admin_name=$(eval echo \$CLONE_TPS${number}_ADMIN_USER)" >> $INSTANCECFG + echo 
"pki_admin_uid=$(eval echo \$CLONE_TPS${number}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_admin_email=$(eval echo \$CLONE_TPS${number}_ADMIN_EMAIL)" >> $INSTANCECFG + echo "pki_admin_dualkey=$(eval echo \$CLONE_TPS${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG + echo "pki_admin_key_size=$(eval echo \$CLONE_TPS${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG + echo "pki_admin_key_type=$(eval echo \$CLONE_TPS${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG + echo "pki_admin_subject_dn=$(eval echo \$CLONE_TPS${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG + echo "pki_admin_nickname=$(eval echo \$CLONE_TPS${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG + echo "pki_ssl_server_key_type=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG + echo "pki_ssl_server_key_size=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG + echo "pki_ssl_server_key_algorithm=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG + echo "pki_ssl_server_signing_algorithm=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_ssl_server_token=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG + echo "pki_ssl_server_nickname=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG + echo "pki_ssl_server_subject_dn=$(eval echo \$CLONE_TPS${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG + echo "pki_import_admin_cert=$CLONE_ADMIN_IMPORT_CERT" >> $INSTANCECFG + echo "pki_client_admin_cert_p12=$CLIENT_DIR/$TPS1_ADMIN_CERT_NICKNAME.p12" >> $INSTANCECFG + echo "pki_ds_hostname=$(hostname)" >> $INSTANCECFG + echo "pki_ds_ldap_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG + echo "pki_ds_bind_dn=$(eval echo \$CLONE${number}_LDAP_ROOTDN)" >> $INSTANCECFG + echo "pki_ds_secure_connection=$(eval echo \$CLONE_TPS${number}_SECURE_CONN)" >> $INSTANCECFG + echo "pki_ds_remove_data=$(eval echo \$CLONE_TPS${number}_REMOVE_DATA)" >> $INSTANCECFG + echo 
"pki_ds_base_dn=$TPS1_DB_SUFFIX" >> $INSTANCECFG + echo "pki_ds_database=$TPS1_LDAP_INSTANCE_NAME" >> $INSTANCECFG + echo "pki_ca_uri=https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_enable_server_side_keygen=$(eval echo \$CLONE_TPS${number}_SERVER_KEYGEN)" >> $INSTANCECFG + echo "pki_kra_uri=https://$(hostname):$(eval echo \$CLONE_KRA${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_tks_uri=https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_authdb_hostname=$(eval echo \$CLONE_TPS${number}_DS_HOSTNAME)" >> $INSTANCECFG + echo "pki_authdb_port=$(eval echo \$CLONE_TPS${number}_LDAP_PORT)" >> $INSTANCECFG + echo "pki_authdb_basedn=$(eval echo \$TPS${number}_DB_SUFFIX)" >> $INSTANCECFG + cat $INSTANCECFG + + rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v " + rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1" + cat $INSTANCE_CREATE_OUT + exp_message1="Administrator's username: $(eval echo \$CLONE_TPS${number}_ADMIN_USER)" + rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT" + exp_message3_1="To check the status of the subsystem:" + rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT" + exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT" + exp_message4_1="To restart the subsystem:" + rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT" + exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" + exp_message5="The URL for the subsystem is:" + rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" + exp_message5_1="https://$(hostname):$(eval echo \$CLONE_TPS${number}_SECURE_PORT)/tks" + rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" rlPhaseEnd } +########################################################### +# CA SIGNED BY AN EXTERNAL 
CA TESTS # +########################################################### +rhcs_install_CAwithExtCA() { + rlLog "Creating a CA signed by ROOTCA" + local INSTANCECFG="/tmp/subca_instance.inf" + local INSTANCE_CREATE_OUT="/tmp/subca_instance_create.out" + rlLog "$FUNCNAME" + local DOMAIN='hostname -d' + rhcs_install_prep_disableFirewall + + #Install and configure RHDS instance + local number=$1 + local csr=$2 + local admin_cert_location=$4 + local client_pkcs12_password=$5 + local admin_cert=$6 + local tmp_host=$7 + local SUBSYSTEM_NAME=$(echo SubCA${number}) + local SUBCA${number}_DOMAIN=`hostname -d` + local cert_type=$3 + rlLog "Creating LDAP server Instance" + rhcs_install_set_ldap_vars + rlRun "rhds_install $(eval echo \$SUBCA${number}_LDAP_PORT) $(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME) \"$(eval echo \$SUBCA${number}_LDAP_ROOTDN)\" $(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD) $(eval echo \$SUBCA${number}_DB_SUFFIX) $SUBSYSTEM_NAME" 0 "Installing RHDS instance for CLONE CA install" + #Install eval echo $(eval echo $SUBCA${number} INSTANCE + rlLog "Setting up Dogtag SUBCA instance ............." 
+ echo "[DEFAULT]" > $INSTANCECFG + echo "pki_instance_name=$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)" >> $INSTANCECFG + echo "pki_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_http_port=$(eval echo \$SUBCA${number}_UNSECURE_PORT)" >> $INSTANCECFG + echo "pki_ajp_port=$(eval echo \$SUBCA${number}_AJP_PORT)" >> $INSTANCECFG + echo "pki_tomcat_server_port=$(eval echo \$SUBCA${number}_TOMCAT_SERVER_PORT)" >> $INSTANCECFG + echo "pki_user=$(eval echo \$SUBCA${number}_USER)" >> $INSTANCECFG + echo "pki_group=$(eval echo \$SUBCA${number}_GROUP)" >> $INSTANCECFG + echo "pki_audit_group=$(eval echo \$SUBCA${number}_GROUP_AUDIT)" >> $INSTANCECFG + echo "pki_token_name=$(eval echo \$SUBCA${number}_TOKEN_NAME)" >> $INSTANCECFG + echo "pki_token_password=$(eval echo \$SUBCA${number}_TOKEN_PASSWORD)" >> $INSTANCECFG + echo "pki_client_pkcs12_password=$(eval echo \$SUBCA${number}_CLIENT_PKCS12_PASSWORD)" >> $INSTANCECFG + echo "pki_admin_password=$(eval echo \$SUBCA${number}_ADMIN_PASSWORD)" >> $INSTANCECFG + echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG + echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG + echo "pki_security_domain_hostname=$master_hostname" >> $INSTANCECFG + echo "pki_security_domain_https_port=$(eval echo \$SUBCA${number}_SECURE_PORT)" >> $INSTANCECFG + echo "pki_security_domain_user=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_security_domain_password=$(eval echo \$SUBCA${number}_SECURITY_DOMAIN_PASSWORD)" >> $INSTANCECFG + echo "pki_security_domain_name=$(eval echo \$SUBCA${number}_DOMAIN)" >> $INSTANCECFG + + echo "[CA]" >> $INSTANCECFG + + echo "pki_external=True" >> $INSTANCECFG + echo "pki_external_csr_path=$csr" >> $INSTANCECFG + echo "pki_admin_name=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_admin_uid=$(eval echo \$SUBCA${number}_ADMIN_USER)" >> $INSTANCECFG + echo "pki_admin_email=$(eval echo 
\$SUBCA${number}_ADMIN_EMAIL)" >> $INSTANCECFG + echo "pki_admin_dualkey=$(eval echo \$SUBCA${number}_ADMIN_DUAL_KEY)" >> $INSTANCECFG + echo "pki_admin_key_size=$(eval echo \$SUBCA${number}_ADMIN_KEY_SIZE)" >> $INSTANCECFG + echo "pki_admin_key_type=$(eval echo \$SUBCA${number}_ADMIN_KEY_TYPE)" >> $INSTANCECFG + echo "pki_admin_subject_dn=$(eval echo \$SUBCA${number}_ADMIN_SUBJECT_DN)" >> $INSTANCECFG + echo "pki_admin_nickname=$(eval echo \$SUBCA${number}_ADMIN_CERT_NICKNAME)" >> $INSTANCECFG + echo "pki_import_admin_cert=$(eval echo \$SUBCA${number}_ADMIN_IMPORT_CERT)" >> $INSTANCECFG + echo "pki_client_admin_cert_p12=$CLIENT_DIR/$(eval echo \$SUBCA${number}_ADMIN_CERT_NICKNAME).p12" >> $INSTANCECFG + echo "pki_subsystem_key_type=$(eval echo \$SUBCA${number}_SUBSYSTEM_KEY_TYPE)" >> $INSTANCECFG + echo "pki_subsystem_key_size=$(eval echo \$SUBCA${number}_SUBYSTEM_KEY_SIZE)" >> $INSTANCECFG + echo "pki_subsystem_key_algorithm=$(eval echo \$SUBCA${number}_SUBSYSTEM_KEY_ALGORITHM)" >> $INSTANCECFG + echo "pki_subsystem_signing_algorithm=$(eval echo \$SUBCA${number}_SUBSYSTEM_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_subsystem_token=$(eval echo \$SUBCA${number}_SUBSYSTEM_TOKEN)" >> $INSTANCECFG + echo "pki_subsystem_nickname=$(eval echo \$SUBCA${number}_SUBSYTEM_NICKNAME)" >> $INSTANCECFG + echo "pki_subsystem_subject_dn=$(eval echo \$SUBCA${number}_SUBSYSTEM_SUBJECT_DN)" >> $INSTANCECFG + echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG + echo "pki_ca_signing_key_type=$(eval echo \$SUBCA${number}_KEY_TYPE)" >> $INSTANCECFG + echo "pki_ca_signing_key_size=$(eval echo \$SUBCA${number}_KEY_SIZE)" >> $INSTANCECFG + echo "pki_ca_signing_key_algorithm=$(eval echo \$SUBCA${number}_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_ca_signing_signing_algorithm=$(eval echo \$SUBCA${number}_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_ca_signing_token=$(eval echo \$SUBCA${number}_SIGNING_TOKEN)" >> $INSTANCECFG + echo 
"pki_ca_signing_nickname=$(eval echo \$SUBCA${number}_SIGNING_NICKNAME)" >> $INSTANCECFG + echo "pki_ca_signing_subject_dn=$(eval echo \$SUBCA${number}_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG + echo "pki_ocsp_signing_key_type=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_TYPE)" >> $INSTANCECFG + echo "pki_ocsp_signing_key_size=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_SIZE)" >> $INSTANCECFG + echo "pki_ocsp_signing_key_algorithm=$(eval echo \$SUBCA${number}_OCSP_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG + echo "pki_ocsp_signing_signing_algorithm=$(eval echo \$SUBCA${number}_OCSP_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_ocsp_signing_token=$(eval echo \$SUBCA${number}_OCSP_SIGNING_TOKEN)" >> $INSTANCECFG + echo "pki_ocsp_signing_nickname=$(eval echo \$SUBCA${number}_OCSP_SIGNING_NICKNAME)" >> $INSTANCECFG + echo "pki_ocsp_signing_subject_dn=$(eval echo \$SUBCA${number}_OCSP_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG + echo "pki_audit_signing_key_type=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_TYPE)" >> $INSTANCECFG + echo "pki_audit_signing_key_size=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_SIZE)" >> $INSTANCECFG + echo "pki_audit_signing_key_algorithm=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_KEY_ALGORITHM)" >> $INSTANCECFG + echo "pki_audit_signing_signing_algorithm=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_audit_signing_token=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_TOKEN)" >> $INSTANCECFG + echo "pki_audit_signing_nickname=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_NICKNAME)" >> $INSTANCECFG + echo "pki_audit_signing_subject_dn=$(eval echo \$SUBCA${number}_AUDIT_SIGNING_CERT_SUBJECT_NAME)" >> $INSTANCECFG + echo "pki_ssl_server_key_type=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_TYPE)" >> $INSTANCECFG + echo "pki_ssl_server_key_size=$(eval echo \$SUBCA${number}_SSL_SERVER_KEY_SIZE)" >> $INSTANCECFG + echo "pki_ssl_server_key_algorithm=$(eval echo 
\$SUBCA${number}_SSL_SERVER_KEY_ALGORITHM)" >> $INSTANCECFG + echo "pki_ssl_server_signing_algorithm=$(eval echo \$SUBCA${number}_SSL_SERVER_SIGNING_ALGORITHM)" >> $INSTANCECFG + echo "pki_ssl_server_token=$(eval echo \$SUBCA${number}_SSL_SERVER_TOKEN)" >> $INSTANCECFG + echo "pki_ssl_server_nickname=$(eval echo \$SUBCA${number}_SSL_SERVER_NICKNAME)" >> $INSTANCECFG + echo "pki_ssl_server_subject_dn=$(eval echo \$SUBCA${number}_SSL_SERVER_CERT_SUBJECT_NAME)" >> $INSTANCECFG + echo "pki_ds_hostname=$(eval echo \$SUBCA${number}_DS_HOSTNAME)" >> $INSTANCECFG + echo "pki_ds_ldap_port=$(eval echo \$SUBCA${number}_LDAP_PORT)" >> $INSTANCECFG + echo "pki_ds_bind_dn=$(eval echo \$SUBCA${number}_LDAP_ROOTDN)" >> $INSTANCECFG + echo "pki_ds_password=$(eval echo \$SUBCA${number}_LDAP_ROOTDNPWD)" >> $INSTANCECFG + echo "pki_ds_secure_connection=$(eval echo \$SUBCA${number}_SECURE_CONN)" >> $INSTANCECFG + echo "pki_ds_remove_data=$(eval echo \$SUBCA${number}_REMOVE_DATA)" >> $INSTANCECFG + echo "pki_ds_base_dn=$(eval echo \$SUBCA${number}_DB_SUFFIX)" >> $INSTANCECFG + echo "pki_ds_database=$(eval echo \$SUBCA${number}_LDAP_INSTANCE_NAME)" >> $INSTANCECFG + echo "pki_backup_keys=$(eval echo \$SUBCA${number}_BACKUP)" >> $INSTANCECFG + echo "pki_backup_password=$(eval echo \$SUBCA${number}_BACKUP_PASSWORD)" >> $INSTANCECFG + echo "pki_client_database_dir=$(eval echo \$SUBCA${number}_CERTDB_DIR)" >> $INSTANCECFG + echo "pki_client_database_password=$(eval echo \$SUBCA${number}_CERTDB_DIR_PASSWORD)" >> $INSTANCECFG + echo "pki_client_database_purge=$(eval echo \$SUBCA${number}_CLIENT_DB_PURGE)" >> $INSTANCECFG + echo "pki_restart_configured_instance=$RESTART_INSTANCE" >> $INSTANCECFG + echo "pki_skip_configuration=$SKIP_CONFIG" >> $INSTANCECFG + echo "pki_skip_installation=$SKIP_INSTALL" >> $INSTANCECFG + echo "pki_enable_access_log=$ENABLE_ACCESS_LOG" >> $INSTANCECFG + echo "pki_enable_java_debugger=$ENABLE_JAVA_DEBUG" >> $INSTANCECFG + echo "pki_security_manager=$SECURITY_MANAGER" 
>> $INSTANCECFG + echo "export SUBCA${number}_DOMAIN=$(eval echo \$SUBCA${number}_DOMAIN)" >> /opt/rhqa_pki/env.sh + cat $INSTANCECFG + rlRun "cp $INSTANCECFG /tmp/subca.inf.bak" + rlLog "EXECUTING: pkispawn -s CA -f $INSTANCECFG -v " + rlRun "pkispawn -s CA -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1" + rlRun "cat $INSTANCE_CREATE_OUT" + exp_message1="Administrator's username: $(eval echo \$SUBCA${number}_ADMIN_USER)" + rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT" + #exp_message1_1="Administrator's PKCS #12 file:" + #rlAssertGrep "$exp_message1_1" "$INSTANCE_CREATE_OUT" + exp_message2="$(eval echo \$SUBCA${number}_DOMAIN)" + rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT" + exp_message3_1="To check the status of the subsystem:" + rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT" + exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT" + exp_message4_1="To restart the subsystem:" + rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT" + exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" + exp_message5="The URL for the subsystem is:" + rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" + exp_message5_1="https://$(hostname):$(eval echo \$SUBCA${number}_SECURE_PORT)/ca" + rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" + #echo "export CA_SERVER_ROOT=/var/lib/pki/$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)/ca" >> /opt/rhqa_pki/env.sh + #mkdir -p $CLIENT_PKCS12_DIR + #mv /var/lib/pki/$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 $CLIENT_PKCS12_DIR + + local TEMP_NSS_DB="/tmp/nssdb" + local TEMP_NSS_DB_PWD="Secret123" + if [ -d "$TEMP_NSS_DB" ]; then + + rlLog "$TEMP_NSS_DB Directory exists" + else + rlLog "Creating Security Database" + rlRun "pki -d $TEMP_NSS_DB -c $TEMP_NSS_DB_PWD client-init" 
0 "Initializing Security Database" + RETVAL=$? + if [ $RETVAL != 0 ]; then + rlLog "FAIL :: NSS Database was not created" + return 1 + fi + fi + if [ $cert_type = "Dogtag" ]; then + + local profile=caCACert + local rand=$RANDOM + local request_type="pkcs10" + local cn="New CA" + local uid="newca" + local email="newca@foobar.org" + local ou="Foo_Example_IT" + local org="FooBar.Org" + local state="North Carolina" + local location="Raleigh" + local country="US" + local cert_subject_file="/tmp/subfile" + rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $csr" + rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $csr" + echo -e "RequestType:$request_type" > $cert_subject_file + echo -e "CN:$cn" >> $cert_subject_file + echo -e "UID:$uid" >> $cert_subject_file + echo -e "Email:$email" >> $cert_subject_file + echo -e "OU:$ou" >> $cert_subject_file + echo -e "Org:$org" >> $cert_subject_file + echo -e "State:$state" >> $cert_subject_file + echo -e "Location:$location" >> $cert_subject_file + echo -e "Country:$country" >> $cert_subject_file + echo -e "Request_DN:$(eval echo \$SUBCA${number}_SIGNING_CERT_SUBJECT_NAME)" >> $cert_subject_file + rlRun "pki -d $TEMP_NSS_DB \ + -h $tmp_host \ + -p $ROOTCA_UNSECURE_PORT \ + -c $TEMP_NSS_DB_PWD \ + cert-request-profile-show $profile \ + --output $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/$rand-profile.xml-out" + rlRun "generate_xml $csr $cert_subject_file $TEMP_NSS_DB/$rand-profile.xml $profile" + rlRun "pki -h $tmp_host -p $ROOTCA_UNSECURE_PORT cert-request-submit $TEMP_NSS_DB/$rand-profile.xml 1> $TEMP_NSS_DB/pki-cert-request-submit.out" 0 "Submit request" + local REQUEST_ID=$(cat $TEMP_NSS_DB/pki-cert-request-submit.out | grep "Request ID" | awk -F ": " '{print $2}') + rlAssertGrep "Request ID: $REQUEST_ID" "$TEMP_NSS_DB/pki-cert-request-submit.out" + rlAssertGrep "Type: enrollment" "$TEMP_NSS_DB/pki-cert-request-submit.out" + rlAssertGrep "Request Status: pending" 
"$TEMP_NSS_DB/pki-cert-request-submit.out" + rlAssertGrep "Operation Result: success" "$TEMP_NSS_DB/pki-cert-request-submit.out" + rlLog "importP12FileNew $admin_cert_location $client_pkcs12_password $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert" + rlRun "importP12FileNew $admin_cert_location $client_pkcs12_password $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert" 0 "Import Admin certificate to $CERTDB_DIR" + rlRun "install_and_trust_CA_cert $ROOTCA_SERVER_ROOT $CERTDB_DIR" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -n \"$admin_cert\" \ + -h $tmp_host \ + -p $ROOTCA_UNSECURE_PORT \ + ca-cert-request-review $REQUEST_ID \ + --action approve 1> $TEMP_NSS_DB/$REQUEST_ID-pkcs10-approve-out" 0 "As $admin_cert Approve certificate request $REQUEST_ID" + rlAssertGrep "Approved certificate request $REQUEST_ID" "$TEMP_NSS_DB/$REQUEST_ID-pkcs10-approve-out" + rlRun "pki -p $ROOTCA_UNSECURE_PORT -h $tmp_host ca-cert-request-show $REQUEST_ID > $TEMP_NSS_DB/certrequestapprovedshow_001.out" 0 "Executing pki cert-request-show $REQUEST_ID" + rlAssertGrep "Request ID: $REQUEST_ID" "$TEMP_NSS_DB/certrequestapprovedshow_001.out" + rlAssertGrep "Type: enrollment" "$TEMP_NSS_DB/certrequestapprovedshow_001.out" + rlAssertGrep "Status: complete" "$TEMP_NSS_DB/certrequestapprovedshow_001.out" + rlAssertGrep "Certificate ID:" "$TEMP_NSS_DB/certrequestapprovedshow_001.out" + local certificate_serial_number=`cat $TEMP_NSS_DB/certrequestapprovedshow_001.out | grep "Certificate ID:" | awk '{print $3}'` + rlLog "Cerificate Serial Number=$certificate_serial_number" + rlRun "pki -h $tmp_host -p $ROOTCA_UNSECURE_PORT cert-show $certificate_serial_number --output $TEMP_NSS_DB/certb64.out" 0 "B64 of the certificate" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlRun "curl --basic --dump-header $TEMP_NSS_DB/header.out -d \"serialNumber=$certificate_serial_number\" -k \"http://$tmp_host:$ROOTCA_UNSECURE_PORT/ca/ee/ca/getCertChain\" > $TEMP_NSS_DB/b64certChain.out" + rlRun "sed -e '/-----BEGIN 
CERTIFICATE-----/d' -i $TEMP_NSS_DB/certb64.out" + rlRun "sed -e '/-----END CERTIFICATE-----/d' -i $TEMP_NSS_DB/certb64.out" + rlRun "sed -i -e 's/<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><XMLResponse><Status>0<\/Status><ChainBase64>//g' -i $TEMP_NSS_DB/b64certChain.out" + rlRun "sed -i -e 's/<\/ChainBase64><\/XMLResponse>//g' -i $TEMP_NSS_DB/b64certChain.out" + else + rlLog "Use testplan to set up ADCS on MS Server and save the params in env.sh" + csr_string=$(cat $csr | tr -d '\n') + rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certfnsh.asp -u \"$MS_username:$MS_password\" --data-urlencode CertRequest=\"$csr_string\" -d Mode=newreq -d SaveCert=yes -d CertAttrib=CertificateTemplate:SubCA > $TEMP_NSS_DB/msca_new_cert.out" + rlRun "sleep 5" + rlRun "cat $TEMP_NSS_DB/msca_new_cert.out | grep \"Download certificate:\" > $TEMP_NSS_DB/msca_new_cert1.out" + rlRun "sed -i -e 's/<LocID ID=locDownloadCert1>Download certificate: <\/LocID><A Href=\"certnew.cer?//g' $TEMP_NSS_DB/msca_new_cert1.out" + rlRun "sleep 5" + rlRun "sed -i -e 's/\&Enc=bin\"><LocID ID=locDerEnc1>DER Encoded<\/LocID><\/A><LocID ID=locSep1>.*//g' $TEMP_NSS_DB/msca_new_cert1.out" + rlRun "sleep 5" + MS_newca_request_ID=$(cat $TEMP_NSS_DB/msca_new_cert1.out | grep "ReqID=" | cut -d= -f2) + rlLog "$MS_newca_request_ID" + rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certnew.cer -G -d ReqID=$MS_newca_request_ID -d Enc-bin > $TEMP_NSS_DB/certb64.out" + rlRun "curl -k --ntlm https://$MS_ipaddr/certsrv/certnew.p7b -G -d ReqID=$MS_newca_request_ID -d Enc-bin > $TEMP_NSS_DB/b64certChain.out" + fi + + rlLog "Preparing the config file for step 2 of pkispawn" + rlRun "sed -e '/pki_external_csr_path=.*/d' -i $INSTANCECFG" + echo "pki_external_ca_cert_chain_path=$TEMP_NSS_DB/b64certChain.out" >> $INSTANCECFG + echo "pki_external_ca_cert_path=$TEMP_NSS_DB/certb64.out" >> $INSTANCECFG + echo "pki_external_step_two=True" >> $INSTANCECFG + + rlLog "EXECUTING: pkispawn -s CA -f $INSTANCECFG -v " + 
rlRun "pkispawn -s CA -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1" + rlRun "cat $INSTANCE_CREATE_OUT" + exp_message1="Administrator's username: $(eval echo \$SUBCA${number}_ADMIN_USER)" + rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT" + exp_message1_1="Administrator's PKCS #12 file:" + rlAssertGrep "$exp_message1_1" "$INSTANCE_CREATE_OUT" + exp_message2="$(eval echo \$SUBCA${number}_DOMAIN)" + rlAssertGrep "$exp_message2" "$INSTANCE_CREATE_OUT" + exp_message3_1="To check the status of the subsystem:" + rlAssertGrep "$exp_message3_1" "$INSTANCE_CREATE_OUT" + exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message3_2" "$INSTANCE_CREATE_OUT" + exp_message4_1="To restart the subsystem:" + rlAssertGrep "$exp_message4_1" "$INSTANCE_CREATE_OUT" + exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME).service" + rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" + exp_message5="The URL for the subsystem is:" + rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" + exp_message5_1="https://$(hostname):$(eval echo \$SUBCA${number}_SECURE_PORT)/ca" + rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" +} diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh index aeefdd1a1..dae68ac0e 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh @@ -74,6 +74,7 @@ run_rhcs_install_packages() { ##################################################################### yum clean all yum -y update + yum -y install wget #CA install rc=0 rlLog "CA instance will be installed on $HOSTNAME" 
@@ -148,48 +149,55 @@ run_install_subsystem_RootCA() } #KRA Install + run_install_subsystem_kra() { - rlPhaseStartSetup "rhcs_install_subsystem_kra: Default install" - rlLog "KRA instance will be installed on $HOSTNAME" - rc=0 - number=$1 + rlPhaseStartSetup "rhcs_install_subsystem_kra: Default install" + rlLog "KRA instance will be installed on $HOSTNAME" + rc=0 + number=$1 master_hostname=$2 CA=$3 - rpm -qa | grep pki-kra - if [ $? -eq 0 ] ; then - rlLog "pki-kra package is installed" - else - rlLog "ERROR: $item package is NOT installed" - rc=1 - fi + KRA="KRA${number}" + eval ${KRA}_INSTALLED=TRUE + rpm -qa | grep pki-kra + if [ $? -eq 0 ] ; then + rlLog "pki-kra package is installed" + else + rlLog "ERROR: $item package is NOT installed" + rc=1 + eval ${KRA}_INSTALLED=FALSE + fi - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then - rhcs_install_kra $number $master_hostname $CA - fi - rlPhaseEnd + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then + rhcs_install_kra $number $master_hostname $CA + fi + rlPhaseEnd } #OCSP install + run_install_subsystem_ocsp() { - rlPhaseStartSetup "rhcs_install_subsystem_ocsp: Default install" - rlLog "OCSP instance will be installed on $HOSTNAME" - rc=0 - number=$1 + rlPhaseStartSetup "rhcs_install_subsystem_ocsp: Default install" + rlLog "OCSP instance will be installed on $HOSTNAME" + rc=0 + number=$1 master_hostname=$2 CA=$3 - rpm -qa | grep pki-ocsp - if [ $? -eq 0 ] ; then - rlLog "pki-ocsp package is installed" + rpm -qa | grep pki-ocsp + if [ $? 
-eq 0 ] ; then + rlLog "pki-ocsp package is installed" else - rlLog "ERROR: $item package is NOT installed" - rc=1 - fi + rlLog "ERROR: $item package is NOT installed" + rc=1 + OCSP3_INSTALLED=FALSE + fi - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then - rhcs_install_ocsp $number $master_hostname $CA - fi - rlPhaseEnd + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then + rhcs_install_ocsp $number $master_hostname $CA + fi + rlPhaseEnd } + #RA install #rlLog "RA instance will be installed on $HOSTNAME" 
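Review bot: In run_install_subsystem_ocsp the failure branch sets a hard-coded `OCSP3_INSTALLED=FALSE`, whereas run_install_subsystem_kra in the same hunk builds the flag name from `$number` and sets it to TRUE before the package check. As written, an OCSP instance with any other number never has its flag touched, and nothing in this function sets an OCSP flag to TRUE. Mirroring the KRA pattern would be `OCSP="OCSP${number}"` followed by `printf -v "${OCSP}_INSTALLED" '%s' TRUE`, with the same call using FALSE in the else branch; `printf -v` also avoids re-parsing the argument through `eval`. Both error branches log `$item`, which is not assigned in either function as shown, so the message likely prints without a package name; `rlLog "ERROR: pki-ocsp package is NOT installed"` says what was actually checked.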
@@ -217,49 +225,53 @@ run_install_subsystem_ocsp() { #TKS install run_install_subsystem_tks() { - rlPhaseStartSetup "rhcs_install_subsystem_tks: Default install" - rlLog "TKS instance will be installed on $HOSTNAME" - rc=0 - number=$1 + rlPhaseStartSetup "rhcs_install_subsystem_tks: Default install" + rlLog "TKS instance will be installed on $HOSTNAME" + rc=0 + number=$1 master_hostname=$2 CA=$3 - rpm -qa | grep pki-tks + TKS="TKS${number}" + eval ${TKS}_INSTALLED=TRUE + rpm -qa | grep pki-tks if [ $? -eq 0 ] ; then - rlLog "pki-tks package is installed" + rlLog "pki-tks package is installed" else rlLog "ERROR: $item package is NOT installed" - rc=1 + rc=1 + eval ${TKS}_INSTALLED=FALSE fi - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then - rlLog "Installing TKS" - rhcs_install_tks $number $master_hostname $CA - fi - rlPhaseEnd + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then + rlLog "Installing TKS" + rhcs_install_tks $number $master_hostname $CA + fi + rlPhaseEnd } - #TPS install - #rlLog "TPS instance will be installed on $HOSTNAME" - #rc=0 - #yum -y install $COMMON_SERVER_PACKAGES - #yum -y install $TPS_SERVER_PACKAGES - #ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES" - #for item in $ALL_PACKAGES ; do - #rpm -qa | grep $item - #if [ $? -eq 0 ] ; then - #rlLog "$item package is installed" - #else - #rlLog "ERROR: $item package is NOT installed" - #rc=1 - #fi - #done - #if [ $rc -eq 0 ] ; then - #rlLog "Installing TPS" - #rhcs_install_tps - #fi - #else - #rlLog "Machine in recipe is not a MASTER" - #fi +#TPS install +run_install_subsystem_tps() { + rlPhaseStartSetup "rhcs_install_subsystem_tps: Default install" + rlLog "TPS instance will be installed on $HOSTNAME" + rc=0 + number=$1 + master_hostname=$2 + CA=$3 + KRA=$4 + TKS=$5 + rpm -qa | grep pki-tks + if [ $? 
-eq 0 ] ; then + rlLog "$item package is installed" + else + rlLog "ERROR: $item package is NOT installed" + rc=1 + fi + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${KRA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${TKS}_INSTALLED) = "TRUE" ] ; then + rlLog "Installing TPS" + rhcs_install_tps $number $master_hostname $CA $KRA $TKS + fi + rlPhaseEnd +} #####################SUBCA###################### ################################################ @@ -402,4 +414,27 @@ run_install_subsystem_cloneTKS(){ fi rlPhaseEnd } +#CLONE TPS install +run_install_subsystem_cloneTPS(){ + rlPhaseStartSetup "rhcs_install_subsystem_clonetps: Default install" + rlLog "Clone TPS instance will be installed on $HOSTNAME" + rc=0 + number=$1 + master_hostname=$2 + CA=$3 + KRA=$4 + TKS=$5 + rpm -qa | grep pki-tps + if [ $? -eq 0 ] ; then + rlLog "pki-tps package is installed" + else + rlLog "ERROR: pki-tps package is NOT installed" + rc=1 + fi + if [ $rc -eq 0 ] ; then + rlLog "Installing TPS" + rhcs_install_cloneTPS $number $master_hostname $CA $KRA $TKS + fi + rlPhaseEnd +} diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index 6dccf289b..8c742420e 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh 
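Review bot: run_install_subsystem_tps checks `rpm -qa | grep pki-tks`, so the gate passes whenever the TKS package is present even if the TPS package is missing; it should query the TPS package, e.g. `rpm -q pki-tps`, as run_install_subsystem_cloneTPS later in this file greps for. Both log lines use `$item`, which is not set in this function as shown, so the success and error messages would omit the package name. The three `[ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]` tests are unquoted, so a flag that was never assigned expands to nothing and `[` reports a syntax error instead of a clean false. The `eval` also re-parses the caller-supplied name as shell code, which bash indirect expansion avoids: `ca_flag="${CA}_INSTALLED"; [ "${!ca_flag}" = "TRUE" ]`.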
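Review bot: run_install_subsystem_cloneTPS accepts `CA`, `KRA` and `TKS` but installs as soon as the pki-tps package is found, while run_install_subsystem_tps in the previous hunk gates on the three `_INSTALLED` flags. If the clone depends on those subsystems as well (not visible from this hunk), the same gate is missing here. `rc`, `number`, `master_hostname`, `CA`, `KRA` and `TKS` are assigned without `local`, so they overwrite same-named globals shared by the other sourced install functions; declaring them with `local` at the top of the function would contain them. `rpm -qa | grep pki-tps` matches any package whose name contains that string, whereas `rpm -q pki-tps` tests the exact package.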
@@ -221,12 +221,17 @@
 . ./acceptance/legacy/ocsp-tests/internaldb/ocsp-ad-internaldb.sh
 . ./acceptance/legacy/ocsp-tests/agent/ocsp-ag-tests.sh
 . ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh
+. ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
 . ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh
 . ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh
-. ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh
 . ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh
-. ./acceptance/legacy/clone_ca_tests/clone_tests.sh
 . ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh
+. ./acceptance/legacy/clone_ca_tests/clone_tests.sh
+. ./acceptance/install-tests/ca-installer.sh
+. ./acceptance/install-tests/kra-installer.sh
+. ./acceptance/install-tests/ocsp-installer.sh
+. ./acceptance/install-tests/tks-installer.sh
+. ./acceptance/install-tests/tps-installer.sh
 . ./acceptance/bugzilla/bug_setup.sh
 . ./acceptance/bugzilla/bug_uninstall.sh
 . ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
@@ -283,40 +288,18 @@ rlJournalStart KRA_INST=$(cat /tmp/topo_file | grep MY_KRA | cut -d= -f2) OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2) TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2) + TPS_INST=$(cat /tmp/topo_file | grep MY_TPS | cut -d= -f2) if [ "$QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ] ; then run_rhcs_set_time run_rhcs_install_set_vars run_rhcs_install_quickinstall - #Set-up role users - get_topo_stack $MYROLE /tmp/topo_file - CA_INST=$(cat /tmp/topo_file | grep MY_CA | cut -d= -f2) - rlLog "Subsystem ID CA=$CA_INST" - run_pki-user-cli-role-user-create-tests $CA_INST ca $MYROLE - KRA_INST=$(cat /tmp/topo_file | grep MY_KRA | cut -d= -f2) - rlLog "Subsystem ID KRA=$KRA_INST" - run_pki-user-cli-role-user-create-tests $KRA_INST kra $MYROLE - OCSP_INST=$(cat /tmp/topo_file | grep MY_OCSP | cut -d= -f2) - rlLog "Subsystem ID OCSP=$OCSP_INST" - run_pki-user-cli-role-user-create-tests $OCSP_INST ocsp $MYROLE - TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2) - rlLog "Subsystem ID TKS=$TKS_INST" - run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE - SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2) - rlLog "Subsystem ID SUBCA=$SUBCA_INST" - run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE + SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2) CLONECA_INST=$(cat /tmp/topo_file | grep MY_CLONE_CA | cut -d= -f2) - rlLog "Subsystem ID CLONECA=$CLONECA_INST" - run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE CLONEKRA_INST=$(cat /tmp/topo_file | grep MY_CLONE_KRA | cut -d= -f2) - rlLog "Subsystem ID CLONEKRA=$CLONEKRA_INST" - run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE CLONEOCSP_INST=$(cat /tmp/topo_file | grep MY_CLONE_OCSP | cut -d= -f2) - rlLog "Subsystem ID CLONEOCSP=$CLONEOCSP_INST" - run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE CLONETKS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TKS | cut -d= 
-f2) - rlLog "Subsystem ID CLONETKS=$CLONETKS_INST" - run_pki-user-cli-role-user-create-tests $CLONETKS_INST ocsp $MYROLE + CLONETPS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TPS | cut -d= -f2) elif [ "$TOPO1_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_1 
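Review bot: `SUBCA_INST`, `CLONECA_INST`, `CLONEKRA_INST`, `CLONEOCSP_INST`, `CLONETKS_INST` and `CLONETPS_INST` are now assigned only inside the quickinstall/TEST_ALL branch, but the role-user block this commit adds in the `-345,7` hunk passes them to `run_pki-user-cli-role-user-create-tests` after any topology branch. On a TOPO run with, say, PKI_CREATE_SUBCA_ROLE_USER set to TRUE, the id is empty and, being unquoted, drops out of the argument list, so `ca` becomes the first argument. Moving the six assignments up beside `TPS_INST=$(cat /tmp/topo_file | grep MY_TPS | cut -d= -f2)`, before the `if`, makes them available to every branch. The hunk also removes the `get_topo_stack $MYROLE /tmp/topo_file` call from this branch; it is presumably still made earlier in the file, which is not visible here and should be confirmed.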
@@ -345,7 +328,62 @@ rlJournalStart run_rhcs_install_set_vars run_rhcs_install_topo_9 fi - + ######## CREATE ROLE USERS ############# + PKI_CREATE_CA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CA_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_CA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create CA role users + run_pki-user-cli-role-user-create-tests $CA_INST ca $MYROLE + fi + PKI_CREATE_KRA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_KRA_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_KRA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create KRA role users + run_pki-user-cli-role-user-create-tests $KRA_INST kra $MYROLE + fi + PKI_CREATE_OCSP_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_OCSP_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_OCSP_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create OCSP role users + run_pki-user-cli-role-user-create-tests $OCSP_INST ocsp $MYROLE + fi + PKI_CREATE_TKS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_TKS_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_TKS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create TKS role users + run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE + fi + PKI_CREATE_TPS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_TPS_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_TPS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create TPS role users + run_pki-user-cli-role-user-create-tests $TPS_INST tps $MYROLE + fi + PKI_CREATE_SUBCA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_SUBCA_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_SUBCA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create SUBCA role users + run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE + fi + PKI_CREATE_CLONECA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONECA_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_CLONECA_ROLE_USER_UPPERCASE" = 
"TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create CLONE CA role users + run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE + fi + PKI_CREATE_CLONEKRA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONEKRA_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_CLONEKRA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create CLONE KRA role users + run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE + fi + PKI_CREATE_CLONEOCSP_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONEOCSP_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_CLONEOCSP_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create CLONE OCSP role users + run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE + fi + PKI_CREATE_CLONETKS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONETKS_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_CLONETKS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create CLONE TKS role users + run_pki-user-cli-role-user-create-tests $CLONETKS_INST tks $MYROLE + fi + PKI_CREATE_CLONETPS_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CLONETPS_ROLE_USER | tr [a-z] [A-Z]) + if [ "$PKI_CREATE_CLONETPS_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Create CLONE TPS role users + run_pki-user-cli-role-user-create-tests $CLONETPS_INST tps $MYROLE + fi ######## PKI USER CA TESTS ############ PKI_USER_CA_UPPERCASE=$(echo $PKI_USER_CA | tr [a-z] [A-Z]) if [ "$PKI_USER_CA_UPPERCASE" = "TRUE" ] ; then 
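Review bot: Each of the twelve added blocks runs `tr [a-z] [A-Z]` with unquoted bracket patterns, which the shell glob-expands if the working directory holds a matching single-character filename, and the `echo $PKI_CREATE_..._ROLE_USER` feeding it is unquoted too. Writing `$(echo "$PKI_CREATE_CA_ROLE_USER" | tr '[:lower:]' '[:upper:]')` avoids both problems without changing the result for TRUE/true values. The instance ids (`$CA_INST`, `$TPS_INST`, `$CLONETPS_INST` and the rest) and `$MYROLE` are passed unquoted, so an id missing from the topology file silently shifts the subsystem type into the first argument; `run_pki-user-cli-role-user-create-tests "$CA_INST" ca "$MYROLE"` keeps the positions fixed. The blocks differ only in variable name and subsystem type, so a small helper taking the flag, the id and the type would remove the repetition. The enclosing rlJournalStart block starts and ends outside the hunk.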
@@ -1542,23 +1580,23 @@ rlJournalStart run_ca-ee-ocsp_tests $subsystemType $MYROLE fi PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_MANUAL | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-renew-manual tests - subsystemType=ca - run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE - fi - PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-renew-directory-auth-usercert tests - subsystemType=ca - run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE - fi - PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-renew-sslclient-cert tests - subsystemType=ca - run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE - fi + if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-renew-manual tests + subsystemType=ca + run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-renew-directory-auth-usercert tests + subsystemType=ca + run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ 
"TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-renew-sslclient-cert tests + subsystemType=ca + run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE + fi PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_CA_SCEP_ENROLL | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute ca scep enroll tests @@ -1586,7 +1624,7 @@ rlJournalStart run_admin-kra-internaldb_tests $subsystemType $MYROLE fi PKI_LEGACY_KRA_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_KRA_AD_LOGS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=kra run_admin-kra-log_tests $subsystemType $MYROLE fi 
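Review bot: The three re-indented renew conditions still compare the literal string `"TEST_ALL_UPPERCASE"` with `"TRUE"`, so the second test can never be true. TEST_ALL therefore does not enable the renew-manual, renew-directory-auth-usercert or renew-sslclient-cert runs, and the SCEP enroll condition in the trailing context carries the same typo. Since these lines are being rewritten anyway, the fix is `[ "$TEST_ALL_UPPERCASE" = "TRUE" ]`, matching the KRA and SUBCA conditions elsewhere in this diff. The enclosing rlJournalStart block starts and ends outside the hunk.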
@@ -1627,105 +1665,178 @@ rlJournalStart run_agent-subca-crls_tests $subsystemType $MYROLE fi PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_CERTIFICATES | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_subca-ag-certificates_tests $subsystemType $MYROLE - fi - PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_subca-ag-requests_tests $subsystemType $MYROLE - fi - PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ee-subca-enrollment_tests $subsystemType $MYROLE - fi - PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ee-subca-retrieval_tests $subsystemType $MYROLE - fi - PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_admin-subca-profile_tests $subsystemType $MYROLE - fi - PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_agent-subca-profile_tests $subsystemType $MYROLE - fi + if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_subca-ag-certificates_tests $subsystemType $MYROLE + fi + 
PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_subca-ag-requests_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ee-subca-enrollment_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ee-subca-retrieval_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-subca-profile_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_agent-subca-profile_tests $subsystemType $MYROLE + fi PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_LOGS | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=ca run_admin-subca-log_tests $subsystemType $MYROLE - fi + fi PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_SCEP_ENROLL | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute subca scep enroll tests subsystemType=ca run_pki-legacy-subca-scep_tests $subsystemType $MYROLE + fi + 
PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_ocsp-ad_usergroups $subsystemType $MYROLE fi - PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ocsp - run_ocsp-ad_usergroups $subsystemType $MYROLE - fi - PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ocsp - run_admin-ocsp-acl_tests $subsystemType $MYROLE - fi - PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ocsp - run_admin-ocsp-log_tests $subsystemType $MYROLE - fi - PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ocsp - run_admin-ocsp-internaldb_tests $subsystemType $MYROLE - fi - PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ocsp - run_ocsp-ag_tests $subsystemType $MYROLE - fi - PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_USERGROUPS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=tks - run_tks-ad_usergroups $subsystemType $MYROLE + PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_ACLS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_ACLS_UPPERCASE" 
= "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_admin-ocsp-acl_tests $subsystemType $MYROLE fi - PKI_LEGACY_TKS_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_ACLS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_TKS_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=tks - run_admin-tks-acl_tests $subsystemType $MYROLE + PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_LOGS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_admin-ocsp-log_tests $subsystemType $MYROLE fi - PKI_LEGACY_TKS_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_LOGS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_TKS_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=tks - run_admin-tks-log_tests $subsystemType $MYROLE + PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_INTERNALDB | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_admin-ocsp-internaldb_tests $subsystemType $MYROLE fi - PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_INTERNALDB | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=tks - run_admin-tks-internaldb_tests $subsystemType $MYROLE + PKI_LEGACY_OCSP_AG_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AG_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ocsp + run_ocsp-ag_tests $subsystemType $MYROLE fi - PKI_LEGACY_IPA_UPPERCASE=$(echo $PKI_LEGACY_IPA_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_IPA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ipa_backend_plugin $subsystemType $MYROLE + PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE=$(echo 
$PKI_LEGACY_TKS_AD_USERGROUPS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TKS_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=tks + run_tks-ad_usergroups $subsystemType $MYROLE + fi + PKI_LEGACY_TKS_AD_ACLS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_ACLS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TKS_AD_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=tks + run_admin-tks-acl_tests $subsystemType $MYROLE + fi + PKI_LEGACY_TKS_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_LOGS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TKS_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=tks + run_admin-tks-log_tests $subsystemType $MYROLE + fi + PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_TKS_AD_INTERNALDB | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TKS_AD_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=tks + run_admin-tks-internaldb_tests $subsystemType $MYROLE + fi + PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE=$(echo $PKI_LEGACY_TPS_ENROLLMENTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=tps + run_tps-enrollment_tests $subsystemType $MYROLE fi - PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_CA_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then - subsystemType=ca - clone_legacy_ca_tests $subsystemType $MYROLE - fi + PKI_LEGACY_IPA_UPPERCASE=$(echo $PKI_LEGACY_IPA_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_IPA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ipa_backend_plugin $subsystemType $MYROLE + fi + PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_CA_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CLONE_CA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then + subsystemType=ca + 
clone_legacy_ca_tests $subsystemType $MYROLE + fi PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_KRA_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then - subsystemType=kra - clone_legacy_drm_tests $subsystemType $MYROLE + if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then + subsystemType=kra + clone_legacy_drm_tests $subsystemType $MYROLE + fi + PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE=$(echo $PKI_LEGACY_TPS_ENROLLMENTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TPS_ENROLLMENTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=tps + run_tps-enrollment_tests $subsystemType $MYROLE + fi + ######## INSTALL TESTS ############ + PKI_INSTALL_TESTS_UPPERCASE=$(echo $PKI_INSTALL_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_INSTALL_TESTS_UPPERCASE" = "TRUE" ] ; then + # Execute pki install tests + subsystemId=$CA_INST + subsystemType=ca + # Execute pki KRA install tests + run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE + subsystemId=$KRA_INST + subsystemType=kra + run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE + # Execute pki OCSP install tests + subsystemId=$OCSP_INST + subsystemType=ocsp + run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE + # Execute pki TKS install tests + subsystemId=$TKS_INST + subsystemType=tks + run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE + # Execute pki TPS install tests + subsystemId=$TPS_INST + subsystemType=tps + run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE + fi + + PKI_CA_INSTALL_UPPERCASE=$(echo $PKI_CA_INSTALL | tr [a-z] [A-Z]) + if [ "$PKI_CA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki CA install tests + subsystemId=$CA_INST + subsystemType=ca + run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE + fi + + PKI_KRA_INSTALL_UPPERCASE=$(echo 
$PKI_KRA_INSTALL | tr [a-z] [A-Z]) + if [ "$PKI_KRA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki KRA install tests + subsystemId=$KRA_INST + subsystemType=kra + run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE + fi + + PKI_OCSP_INSTALL_UPPERCASE=$(echo $PKI_OCSP_INSTALL | tr [a-z] [A-Z]) + if [ "$PKI_OCSP_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki OCSP install tests + subsystemId=$OCSP_INST + subsystemType=ocsp + run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE + fi + + PKI_TKS_INSTALL_UPPERCASE=$(echo $PKI_TKS_INSTALL | tr [a-z] [A-Z]) + if [ "$PKI_TKS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki TKS install tests + subsystemId=$TKS_INST + subsystemType=tks + run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE + fi + PKI_TPS_INSTALL_UPPERCASE=$(echo $PKI_TPS_INSTALL | tr [a-z] [A-Z]) + if [ "$PKI_TPS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki TPS install tests + subsystemId=$TPS_INST + subsystemType=tps + run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE fi rlPhaseEnd ######## DEV UNIT TESTS ############ diff --git a/tests/dogtag/shared/env.sh b/tests/dogtag/shared/env.sh index 3973d21bf..6f8dd12cd 100644 --- a/tests/dogtag/shared/env.sh +++ b/tests/dogtag/shared/env.sh 
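Review bot: The `PKI_LEGACY_TPS_ENROLLMENTS` block is added twice in this hunk, once after the TKS internaldb block and again after the clone KRA block, so `run_tps-enrollment_tests` runs twice whenever the flag or TEST_ALL is set; the second copy should be dropped. The re-indented clone CA and clone KRA conditions still test `$TEST_ALL_UPERCASE`, presumably a misspelling, and the subca SCEP condition compares the literal string `"TEST_ALL_UPPERCASE"`, which can never equal `TRUE`; each should read `[ "$TEST_ALL_UPPERCASE" = "TRUE" ]`. The same literal comparison survives in the three renew conditions re-indented in the hunk at -1542. In the new install-tests block the comment `# Execute pki KRA install tests` sits above the CA installer call and belongs one step lower.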
@@ -467,6 +467,51 @@ TKS2_ADMIN_PASSWORD="Secret123" TKS2_CLIENT_PKCS12_PASSWORD=Secret123 ####### End TKS2 Params ###### +######### TPS1 Parmams used in QUICKINSTALL and topology1 ######### +TPS1_TOMCAT_INSTANCE_NAME="pki-master" +TPS1_SECURE_PORT=30042 +TPS1_UNSECURE_PORT=30044 +TPS1_AJP_PORT=30049 +TPS1_TOMCAT_SERVER_PORT=30045 +TPS1_AUDIT_SIGNING_KEY_TYPE=rsa +TPS1_AUDIT_SIGNING_KEY_SIZE=2048 +TPS1_AUDIT_SIGNING_KEY_ALGORITHM=SHA512withRSA +TPS1_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA +TPS1_AUDIT_SIGNING_TOKEN=Internal +TPS1_AUDIT_SIGNING_CERT_NICKNAME="tps1auditsigningcert" +TPS1_AUDIT_SIGNING_SUBJECT_DN="CN=PKI TPS1 AUDIT Signing Certificate, O=Redhat" + +TPS1_SSL_SERVER_KEY_TYPE=rsa +TPS1_SSL_SERVER_KEY_SIZE=2048 +TPS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +TPS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +TPS1_SSL_SERVER_TOKEN=Internal +TPS1_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA" +TPS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" +TPS1_SUBSYSTEM_KEY_TYPE="rsa" +TPS1_SUBSYSTEM_KEY_SIZE=2048 +TPS1_SUBSYSTEM_KEY_ALGORITHM=SHA512withRSA +TPS1_SUBSYSTEM_SIGNING_ALGORITHM=SHA512withRSA +TPS1_SUBSYSTEM_TOKEN="Internal" +TPS1_SUBSYSTEM_CERT_NICKNAME="tps1subsystemcert" +TPS1_SUBSYSTEM_SUBJECT_DN="cn=PKI TPS1 SUBSYSTEM CERT,O=redhat" +TPS1_ADMIN_USER="tps1admin" +TPS1_ADMIN_PASSWORD="Secret123" +TPS1_ADMIN_EMAIL="example@redhat.com" +TPS1_ADMIN_DUAL_KEY=True +TPS1_ADMIN_KEY_SIZE=2048 +TPS1_ADMIN_KEY_TYPE="rsa" +TPS1_ADMIN_SUBJECT_DN="cn=PKI TPS1 ADMIN,O=redhat" +TPS1_ADMIN_CERT_NICKNAME="tps1admincert" +TPS1_LDAP_PORT=1604 +TPS1_LDAP_INSTANCE_NAME=pki-tps1-ldap +TPS1_DB_SUFFIX="dc=pki-tps1" +TPS1_BACKUP_PASSWORD="Secret123" +TPS1_CLIENT_PKCS12_PASSWORD="Secret123" +TPS1_SERVER_KEYGEN=True +TPS1_AUTHDB_HOST="`hostname`" +########End TPS Params####### + ##### GENERIC PARAMS ##### CLIENT_DIR="/opt/rhqa_pki" CERTDB_DIR="/opt/rhqa_pki/certs_db" 
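Review bot: The new `TPS1_*` names here, and the `CLONE_TPS1_*` names in the hunk at -772, are never added to an `export` list. The four env.sh hunks account for all 82 changed lines in the diffstat, and the only export added is `export MS_ipaddr MS_username MS_password`. The file exports the other subsystems' variables, so any installer or test that reads the TPS values from a child process rather than by sourcing env.sh would presumably see them empty. A line such as `export TPS1_TOMCAT_INSTANCE_NAME TPS1_SECURE_PORT TPS1_ADMIN_USER TPS1_ADMIN_PASSWORD` (extended to the full set) would match the rest of the file. The section header also misspells `Params` as `Parmams`.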
@@ -772,6 +817,36 @@ CLONE_TKS1_SSL_SERVER_NICKNAME=cloneca1sslservercert CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" ##### End of CLONE_TKS1 params ###### +###### CLONE_TPS1 params -- used by QUICKINSTALL and topology 1 ######### + +CLONE_TPS1_TOMCAT_INSTANCE_NAME=clone1 +CLONE_TPS1_SECURE_PORT=30002 +CLONE_TPS1_UNSECURE_PORT=30009 +CLONE_TPS1_AJP_PORT=30004 +CLONE_TPS1_TOMCAT_SERVER_PORT=30005 +CLONE_TPS1_ADMIN_USER=clonetpsadmin +CLONE_TPS1_ADMIN_EMAIL=example@redhat.com +CLONE_TPS1_ADMIN_DUAL_KEY=True +CLONE_TPS1_ADMIN_KEY_SIZE=2048 +CLONE_TPS1_ADMIN_KEY_TYPE=rsa +CLONE_TPS1_ADMIN_SUBJECT_DN="cn=PKI TPS ADMIN CLONE, O=redhat" +CLONE_TPS1_ADMIN_CERT_NICKNAME=clonetpsadmincert +CLONE_TPS1_ADMIN_PASSWORD=Secret123 +CLONE_TPS1_DS_HOSTNAME=`hostname` +CLONE_TPS1_LDAP_PORT=2900 +CLONE_TPS1_LDAP_INSTANCE_NAME=pki-clonetps1 +CLONE_TPS1_SECURE_CONN=False +CLONE_TPS1_REMOVE_DATA=True +CLONE_TPS1_SSL_SERVER_KEY_TYPE=rsa +CLONE_TPS1_SSL_SERVER_KEY_SIZE=2048 +CLONE_TPS1_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA +CLONE_TPS1_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA +CLONE_TPS1_SSL_SERVER_TOKEN=Internal +CLONE_TPS1_SSL_SERVER_NICKNAME=cloneca1sslservercert +CLONE_TPS1_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`,O=redhat" +CLONE_TPS1_SERVER_KEYGEN=True +##### End of CLONE_TPS1 params ###### + ##### CLONE2 generic params ######### CLONE2_TOMCAT_INSTANCE_NAME="pki-clone2" 
@@ -855,6 +930,12 @@ CLONE_TKS2_ADMIN_PASSWORD=Secret123 CLONE_TKS2_DS_HOSTNAME=localhost ######## End of CLONE_TKS2 params ####### +######MS ADCS params####### +MS_ipaddr="10.13.129.103" +MS_username="CORP\\Administrator" +MS_password="Secret123" +######End of MS ADCS params#### + export CLONE_CA1_LDAP_INSTANCE_NAME CLONE_TKS1_LDAP_INSTANCE_NAME CLONE_OCSP1_LDAP_INSTANCE_NAME CLONE_KRA1_LDAP_INSTANCE_NAME CLONE1_GROUP_AUDIT CERTDB_DIR CERTDB_DIR_PASSWORD CLONE_CA1_TOMCAT_INSTANCE_NAME CLONE_KRA1_ADMIN_USER CLONE_KRA1_ADMIN_EMAIL CLONE_KRA1_ADMIN_DUAL_KEY CLONE_KRA1_ADMIN_KEY_SIZE CLONE_KRA1_ADMIN_KEY_TYPE CLONE_KRA1_ADMIN_SUBJECT_DN CLONE_KRA1_ADMIN_CERT_NICKNAME CLONE_ADMIN_IMPORT_CERT CLONE_KRA1_DS_HOSTNAME CLONE_KRA1_LDAP_PORT CLONE_KRA1_SECURE_CONN CLONE_KRA1_REMOVE_DATA CLONE_OCSP1_ADMIN_USER CLONE_OCSP1_ADMIN_EMAIL CLONE_OCSP1_ADMIN_DUAL_KEY CLONE_OCSP1_ADMIN_KEY_SIZE CLONE_OCSP1_ADMIN_KEY_TYPE CLONE_OCSP1_ADMIN_SUBJECT_DN CLONE_OCSP1_ADMIN_CERT_NICKNAME CLONE_OCSP1_ADMIN_PASSWORD CLONE_OCSP1_DS_HOSTNAME CLONE_OCSP1_LDAP_PORT CLONE_OCSP1_SECURE_CONN CLONE_OCSP1_REMOVE_DATA CLONE_TKS1_ADMIN_USER CLONE_TKS1_ADMIN_EMAIL CLONE_TKS1_ADMIN_DUAL_KEY CLONE_TKS1_ADMIN_KEY_SIZE CLONE_TKS1_ADMIN_KEY_TYPE CLONE_TKS1_ADMIN_SUBJECT_DN CLONE_TKS1_ADMIN_CERT_NICKNAME CLONE_TKS1_ADMIN_PASSWORD CLONE_TKS1_DS_HOSTNAME CLONE_TKS1_LDAP_PORT CLONE_TKS1_SECURE_CONN CLONE_TKS1_REMOVE_DATA ROOTCA_SUBSYSTEM_KEY_TYPE ROOTCA_SUBYSTEM_KEY_SIZE ROOTCA_SUBSYSTEM_KEY_ALGORITHM ROOTCA_SUBSYSTEM_SIGNING_ALGORITHM ROOTCA_SUBSYSTEM_TOKEN ROOTCA_SUBSYTEM_NICKNAME ROOTCA_SUBSYSTEM_SUBJECT_DN 
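Review bot: `MS_ipaddr`, `MS_username` and `MS_password` commit the address of the external MS CA host and a domain Administrator credential into a shared env file, and the hunk at -887 exports them to every child process. Even for a lab machine this leaves an administrator password in repository history and ties the test to one host. The values would be better supplied by the job environment, for example `MS_password="${MS_password:?MS ADCS password not set}"`, with the same form for the address and user name. If the test only needs to submit a certificate request, a dedicated low-privilege enrollment account would limit what a leak exposes.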
@@ -887,3 +968,4 @@ export ROOTCA_SSL_SERVER_KEY_TYPE ROOTCA_SSL_SERVER_KEY_SIZE ROOTCA_SSL_SERVER_K export KRA1_SSL_SERVER_KEY_TYPE CLIENT_DIR KRA1_SSL_SERVER_KEY_SIZE KRA1_SSL_SERVER_KEY_ALGORITHM KRA1_SSL_SERVER_SIGNING_ALGORITHM KRA1_SSL_SERVER_TOKEN KRA1_SSL_SERVER_NICKNAME KRA1_SSL_SERVER_CERT_SUBJECT_NAME KRA2_SSL_SERVER_KEY_TYPE KRA2_SSL_SERVER_KEY_SIZE KRA2_SSL_SERVER_KEY_ALGORITHM KRA2_SSL_SERVER_SIGNING_ALGORITHM KRA2_SSL_SERVER_TOKEN KRA2_SSL_SERVER_NICKNAME KRA2_SSL_SERVER_CERT_SUBJECT_NAME KRA3_SSL_SERVER_KEY_TYPE KRA3_SSL_SERVER_KEY_SIZE KRA3_SSL_SERVER_KEY_ALGORITHM KRA3_SSL_SERVER_SIGNING_ALGORITHM KRA3_SSL_SERVER_TOKEN KRA3_SSL_SERVER_NICKNAME KRA3_SSL_SERVER_CERT_SUBJECT_NAME OCSP1_SSL_SERVER_KEY_TYPE OCSP1_SSL_SERVER_KEY_SIZE OCSP1_SSL_SERVER_KEY_ALGORITHM OCSP1_SSL_SERVER_SIGNING_ALGORITHM OCSP1_SSL_SERVER_TOKEN OCSP1_SSL_SERVER_NICKNAME OCSP1_SSL_SERVER_CERT_SUBJECT_NAME OCSP2_SSL_SERVER_KEY_TYPE OCSP2_SSL_SERVER_KEY_SIZE OCSP2_SSL_SERVER_KEY_ALGORITHM OCSP2_SSL_SERVER_SIGNING_ALGORITHM OCSP2_SSL_SERVER_TOKEN OCSP2_SSL_SERVER_NICKNAME OCSP2_SSL_SERVER_CERT_SUBJECT_NAME OCSP3_SSL_SERVER_KEY_TYPE OCSP3_SSL_SERVER_KEY_SIZE OCSP3_SSL_SERVER_KEY_ALGORITHM OCSP3_SSL_SERVER_SIGNING_ALGORITHM OCSP3_SSL_SERVER_TOKEN OCSP3_SSL_SERVER_NICKNAME OCSP3_SSL_SERVER_CERT_SUBJECT_NAME TKS1_SSL_SERVER_KEY_TYPE TKS1_SSL_SERVER_KEY_SIZE TKS1_SSL_SERVER_KEY_ALGORITHM TKS1_SSL_SERVER_SIGNING_ALGORITHM TKS1_SSL_SERVER_TOKEN TKS1_SSL_SERVER_NICKNAME TKS1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_CA1_SSL_SERVER_KEY_TYPE CLONE_CA1_SSL_SERVER_KEY_SIZE CLONE_CA1_SSL_SERVER_KEY_ALGORITHM CLONE_CA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_CA1_SSL_SERVER_TOKEN CLONE_CA1_SSL_SERVER_NICKNAME CLONE_CA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_KRA1_SSL_SERVER_KEY_TYPE CLONE_KRA1_SSL_SERVER_KEY_SIZE CLONE_KRA1_SSL_SERVER_KEY_ALGORITHM CLONE_KRA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_KRA1_SSL_SERVER_TOKEN CLONE_KRA1_SSL_SERVER_NICKNAME CLONE_KRA1_SSL_SERVER_CERT_SUBJECT_NAME 
CLONE_OCSP1_SSL_SERVER_KEY_TYPE CLONE_OCSP1_SSL_SERVER_KEY_SIZE CLONE_OCSP1_SSL_SERVER_KEY_ALGORITHM CLONE_OCSP1_SSL_SERVER_SIGNING_ALGORITHM CLONE_OCSP1_SSL_SERVER_TOKEN CLONE_OCSP1_SSL_SERVER_NICKNAME CLONE_OCSP1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_TKS1_SSL_SERVER_KEY_TYPE CLONE_TKS1_SSL_SERVER_KEY_SIZE CLONE_TKS1_SSL_SERVER_KEY_ALGORITHM CLONE_TKS1_SSL_SERVER_SIGNING_ALGORITHM CLONE_TKS1_SSL_SERVER_TOKEN CLONE_TKS1_SSL_SERVER_NICKNAME CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME +export MS_ipaddr MS_username MS_password diff --git a/tests/dogtag/shared/pki-cert-cli-lib.sh b/tests/dogtag/shared/pki-cert-cli-lib.sh index ca9f160d9..0a20e0852 100755 --- a/tests/dogtag/shared/pki-cert-cli-lib.sh +++ b/tests/dogtag/shared/pki-cert-cli-lib.sh 
@@ -347,6 +347,21 @@ create_new_cert_request() return 1 fi fi + if [ "$request_type" == "crmfdual" ] && [ "$archive" == "true" ];then + rlLog "PWD=$PWD" + rlLog "Get Transport Cert" + rlRun "cat $CA_SERVER_ROOT/conf/CS.cfg | grep ca.connector.KRA.transportCert | awk -F \"=\" '{print \$2}' > transport.txt" + rlRun "set_newjavapath \":./:/usr/lib/java/jss4.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/apache-commons-codec.jar:/opt/rhqa_pki/jars/pki-qe-tools.jar:\"" 0 "Setting Java CLASSPATH" + rlRun "source /opt/rhqa_pki/env.sh" 0 "Set Environment Variables" + rlLog "Executing generateDualCRMFRequest" + rlLog "java -cp $CLASSPATH generateDualCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file -transport_cert_file transport.txt 1> $dir/crmf.out" + rlRun "java -cp $CLASSPATH generateDualCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file -transport_cert_file transport.txt 1> $dir/crmf.out" + RETVAL=$? + if [ $RETVAL != 0 ]; then + rlFail "CRMFPopClient Failed" + return 1 + fi + fi #### Strip headers from request, Note for CRMF requests Our class doesn't generate the headers if [ "$request_type" == "pkcs10" ] || [ "$archive" == "false" ]; then 
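Review bot: The added `rlLog "java -cp $CLASSPATH generateDualCRMFRequest ... -client_certdb_pwd $password ..."` line writes the certificate database password into the test journal, and the `rlRun` after it repeats the same command line. The `rlLog` copy should be dropped or masked, e.g. `-client_certdb_pwd ********`. The failure message says `CRMFPopClient Failed` although the tool run here is generateDualCRMFRequest, so `rlFail "generateDualCRMFRequest Failed"` would point at the right step. `transport.txt` is written relative to the current directory while the other outputs go under `$dir`; `$dir/transport.txt` would keep the run self-contained. The body of create_new_cert_request continues outside the hunk.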
@@ -979,3 +994,55 @@ run_req_action_cert() echo PKI_ERROR=$(cat $tmp_nss_db/pki-req-approve-out) >> $cert_info fi } +################################################################## +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # +### This script generates an xml file with the certificate request +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# +generate_xml() +{ + cert_request_file=$1 + cert_subject_file=$2 + xml_profile_file=$3 + cert_profile=$4 + rlLog "cert_request_file=$cert_request_file" + rlLog "cert_subject_file=$cert_subject_file" + rlLog "xml_profile_file=$xml_profile_file" + rlLog "cert_profile=$cert_profile" + + local request_type=$(cat $cert_subject_file | grep RequestType: | cut -d: -f2) + local subject_cn=$(cat $cert_subject_file | grep CN: | cut -d: -f2) + local subject_uid=$(cat $cert_subject_file | grep UID: | cut -d: -f2) + local subject_email=$(cat $cert_subject_file | grep Email: | cut -d: -f2) + local subject_ou=$(cat $cert_subject_file | grep OU: | cut -d: -f2) + local subject_org=$(cat $cert_subject_file | grep Org: | cut -d: -f2) + local subject_c=$(cat $cert_subject_file | grep Country: | cut -d: -f2) + + + if [ "$cert_profile" == "caUserCert" ] || [ "$cert_profile" == "caUserSMIMEcapCert" ] || [ "$cert_profile" == "caDualCert" ];then + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v \"$request_type\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $cert_request_file)\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_uid']/Value\" -v \"$subject_uid\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_e']/Value\" -v \"$subject_email\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_cn']/Value\" -v \"$subject_cn\" 
$xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_ou']/Value\" -v \"$subject_ou\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_o']/Value\" -v \"$subject_org\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='sn_c']/Value\" -v \"$subject_c\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v \"$subject_cn\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v \"$subject_email\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $xml_profile_file" + fi + + if [ "$cert_profile" != "CaDualCert" ] && \ + [ "$cert_profile" != "caDirPinUserCert" ] && \ + [ "$cert_profile" != "caDirUserCert" ] && \ + [ "$cert_profile" != "caECDirUserCert" ] && \ + [ "$cert_profile" != "caAgentServerCert" ] && \ + [ "$cert_profile" != "caUserCert" ] && + [ "$cert_profile" != "caUserSMIMEcapCert" ]; then + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request_type']/Value\" -v \"$request_type\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='cert_request']/Value\" -v \"$(cat -v $cert_request_file)\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_name']/Value\" -v \"$subject_cn\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v \"$subject_email\" $xml_profile_file" + rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $xml_profile_file" + fi +} 
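Review bot: The exclusion list in the second `if` of generate_xml spells the profile `"CaDualCert"`, while the first `if` matches `"caDualCert"`. A caDualCert request therefore passes both conditions and the request type, request and requestor fields are written twice; the test should read `[ "$cert_profile" != "caDualCert" ] && \`. The four positional parameters are assigned without `local`, unlike the `subject_*` values below them, so `cert_request_file` and `cert_profile` overwrite any caller variable of the same name. The subject values are spliced into a double-quoted command string handed to rlRun, so a value containing a double quote or `$` would alter the command; validating them or rejecting such characters before the xmlstarlet calls would make the helper safe for arbitrary subject files.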
diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh index a1398d450..974bba9ee 100755 --- a/tests/dogtag/shared/rhcs-shared.sh +++ b/tests/dogtag/shared/rhcs-shared.sh @@ -825,7 +825,6 @@ local DOMAIN=$(hostname) echo -e "memberUid: idmuser$COUNT" COUNT=`expr $COUNT + 1` done - } ################################################################# @@ -836,8 +835,8 @@ gen_enroll_data_file() { tps_host=$1 tps_port=$2 - cuid=$3 - ldap_user=$4 + tokenid=$3 + ldapuser=$4 ldap_userpwd=$5 data_file=$6 new_pin="redhat" @@ -845,23 +844,23 @@ gen_enroll_data_file() echo "op=var_set name=ra_host value=$tps_host" > $data_file echo "op=var_set name=ra_port value=$tps_port" >> $data_file echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file - echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file + echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file - echo "op=ra_enroll uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file + echo "op=ra_enroll uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file echo "op=exit" >> $data_file } ############################################################################################################ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -### This script creates a tpsclient format file +### This script createa a tpsclient format file # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# gen_format_data_file() { tps_host=$1 tps_port=$2 - cuid=$3 - ldap_user=$4 + tokenid=$3 + ldapuser=$4 ldap_userpwd=$5 data_file=$6 new_pin="redhat" 
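Review bot: The comment above gen_format_data_file changes from `creates` to `createa` in the hunk at -845, which looks like an accidental edit; `### This script creates a tpsclient format file` should be kept. The renamed parameters in the hunks at -836 and -845 now mix `tokenid` and `ldapuser` with `ldap_userpwd` and `data_file`, so `ldap_user` would have been the consistent spelling. Both function bodies extend beyond their hunks.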
@@ -869,11 +868,11 @@ gen_format_data_file() echo "op=var_set name=ra_host value=$tps_host" > $data_file echo "op=var_set name=ra_port value=$tps_port" >> $data_file echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file - echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file + echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file - echo "op=ra_format uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file + echo "op=ra_format uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1 extensions=tokenType=userKey" >> $data_file echo "op=exit" >> $data_file } ############################################################################################################ @@ -884,8 +883,8 @@ gen_pin_reset_data_file() { tps_host=$1 tps_port=$2 - cuid=$3 - ldap_user=$4 + tokenid=$3 + ldapuser=$4 ldap_userpwd=$5 data_file=$6 new_pin="redhat" 
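Review bot: `$data_file` receives the LDAP user's password and the new PIN in clear text (`pwd=$ldap_userpwd new_pin=$new_pin`) and is created by a plain `>` redirect, so its mode depends on the caller's umask. Adding `chmod 600 "$data_file"` right after the first `echo` would keep it private on a shared test host. The same applies to gen_enroll_data_file and gen_pin_reset_data_file in the neighbouring hunks. `extensions=tokenType=userKey` is now fixed for every format operation, so it would need to become a parameter if other token types are to be formatted. gen_format_data_file starts outside this hunk.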
@@ -893,12 +892,12 @@ gen_pin_reset_data_file() echo "op=var_set name=ra_host value=$tps_host" > $data_file echo "op=var_set name=ra_port value=$tps_port" >> $data_file echo "op=var_set name=ra_uri value=/tps/tps" >> $data_file - echo "op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file + echo "op=token_set cuid=$tokenid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0" >> $data_file echo "op=token_set auth_key=404142434445464748494a4b4c4d4e4f" >> $data_file echo "op=token_set mac_key=404142434445464748494a4b4c4d4e4f" >> $data_file echo "op=token_set kek_key=404142434445464748494a4b4c4d4e4f" >> $data_file - echo "op=ra_reset_pin uid=$ldap_user pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file + echo "op=ra_reset_pin uid=$ldapuser pwd=$ldap_userpwd new_pin=$new_pin num_threads=1" >> $data_file echo "op=exit" >> $data_file } ################################################################# - + diff --git a/tests/dogtag/topologies.sh b/tests/dogtag/topologies.sh index 34af25c73..21831982f 100755 --- a/tests/dogtag/topologies.sh +++ b/tests/dogtag/topologies.sh 
@@ -134,34 +134,37 @@ run_rhcs_install_set_vars() ############################################################ run_rhcs_install_quickinstall() -{ +{ rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA" - rlLog "QuickInstall - run_rhcs_install_quickinstall" - local BEAKERMASTER=$MASTER - local number=3 - local TKS_number=1 - local CA=ROOTCA + rlLog "QuickInstall - run_rhcs_install_quickinstall" + local BEAKERMASTER=$MASTER + local number=3 + local TKS_number=1 + local TPS_number=1 + local CA=ROOTCA local CLONE_number=1 - local SUBCA_number=1 - local MASTER_KRA=KRA3 - local MASTER_OCSP=OCSP3 - run_rhcs_install_packages + local SUBCA_number=1 + local MASTER_KRA=KRA3 + local MASTER_OCSP=OCSP3 + local MASTER_TKS=TKS1 + run_rhcs_install_packages run_install_subsystem_RootCA run_install_subsystem_kra $number $BEAKERMASTER $CA run_install_subsystem_ocsp $number $BEAKERMASTER $CA run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA #run_install_subsystem_cloneOCSP $CLONE_number $BEAKERMASTER $CA $MASTER_OCSP run_install_subsystem_cloneTKS $CLONE_number $BEAKERMASTER $CA - run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA - run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" - run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + #run_install_subsystem_cloneTPS $CLONE_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS + run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" - rlPhaseEnd + rlPhaseEnd } - #######Topology 1####### #SubCA1 - 
RootCA - Clone CA1 # (H3) (H1) (H2) @@ -725,27 +728,27 @@ run_rhcs_install_topo_8() } - - - run_rhcs_install_topo_9() { - rlPhaseStartTest "run_rhcs_install_quickinstall - Install Master, Clone and SUBCA" - rlLog "QuickInstall - run_rhcs_install_quickinstall" + rlPhaseStartTest "run_rhcs_install_topo9 - Install Master, Clone and SUBCA" + rlLog "In topo9" local BEAKERMASTER=$MASTER local number=3 local TKS_number=1 + local TPS_number=1 local CA=ROOTCA local CLONE_number=1 local SUBCA_number=1 local MASTER_KRA=KRA3 local MASTER_OCSP=OCSP3 - run_rhcs_edit_env + local MASTER_TKS=TKS1 + run_rhcs_edit_env run_rhcs_install_packages run_install_subsystem_RootCA run_install_subsystem_kra $number $BEAKERMASTER $CA run_install_subsystem_ocsp $number $BEAKERMASTER $CA run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA #run_install_subsystem_cloneOCSP $CLONE_number $BEAKERMASTER $CA $MASTER_OCSP 
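Review bot: The added `#run_install_subsystem_cloneTPS $CLONE_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS` line in run_rhcs_install_quickinstall is committed commented out, with nothing saying why the clone TPS install is disabled or when it should be enabled. The same commit's run_rhcs_edit_env hunk still assigns a `CLONE_TPS1` instance name and ports, so a reader cannot tell whether the clone is meant to exist. A one-line comment above the disabled call would settle it, for example `# clone TPS install disabled: <reason / tracking ticket>`. The unexplained `#run_install_subsystem_cloneOCSP` line just above it would benefit from the same treatment.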
@@ -759,39 +762,52 @@ run_rhcs_install_topo_9() run_rhcs_edit_env () { rlPhaseStartTest "run_rhcs_edit_env - edit env.sh for different tomcat instances for every subsystem" - sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh - sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh - sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh - sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' 
/opt/rhqa_pki/env.sh - sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh - sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_TOMCAT_INSTANCE_NAME=\).*/\1rootkra/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_TOMCAT_INSTANCE_NAME=\).*/\1rootocsp/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_TOMCAT_INSTANCE_NAME=\).*/\1roottks/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TPS1_TOMCAT_INSTANCE_NAME=\).*/\1roottps/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_TOMCAT_INSTANCE_NAME=\).*/\1clonekra1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_TOMCAT_INSTANCE_NAME=\).*/\1cloneocsp1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetks1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TPS1_TOMCAT_INSTANCE_NAME=\).*/\1clonetps1/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 
's/^\(TPS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TPS1_SECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TPS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TPS1_UNSECURE_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(KRA3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TPS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TPS1_AJP_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed 
-i 's/^\(KRA3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(OCSP3_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(TPS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_KRA1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_OCSP1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TKS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + sed -i 's/^\(CLONE_TPS1_TOMCAT_SERVER_PORT=\).*/\1'$[($RANDOM % 2001) + 30000]'/' /opt/rhqa_pki/env.sh + . /opt/rhqa_pki/env.sh rlPhaseEnd } + + ######### Routine to get subsystem IDs ######## get_rhcs_subsystem_id() { |
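Review bot: Every port in run_rhcs_edit_env is drawn independently with `$[($RANDOM % 2001) + 30000]`, and nothing checks that two settings did not receive the same value. Adding the TPS1 and CLONE_TPS1 lines raises the count from 24 to 32 draws over 2001 values, so by a birthday-bound estimate roughly one run in five writes at least one duplicate port into env.sh, which would show up later as an unrelated-looking install failure. Drawing the ports in a loop that remembers what it has already handed out removes the duplicates and replaces the deprecated `$[ ]` form with `$(( ))`. The sketch below needs bash 4 associative arrays and still does not check whether a port is already bound on the host.

```shell
    # … unchanged: rlPhaseStartTest and the *_TOMCAT_INSTANCE_NAME edits …
    local -A used_ports=()
    local inst kind port
    for inst in KRA3 OCSP3 TKS1 TPS1 CLONE_KRA1 CLONE_OCSP1 CLONE_TKS1 CLONE_TPS1; do
        for kind in SECURE_PORT UNSECURE_PORT AJP_PORT TOMCAT_SERVER_PORT; do
            # Redraw until the port is new to this run, so no two settings share one.
            port=$(( RANDOM % 2001 + 30000 ))
            while [[ -n "${used_ports[$port]:-}" ]]; do
                port=$(( RANDOM % 2001 + 30000 ))
            done
            used_ports[$port]=1
            sed -i "s/^\(${inst}_${kind}=\).*/\1${port}/" /opt/rhqa_pki/env.sh
        done
    done
    # … unchanged: sourcing /opt/rhqa_pki/env.sh and rlPhaseEnd …
```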