diff options
author | Roshni Pattath <rpattath@redhat.com> | 2014-04-15 21:58:53 -0400 |
---|---|---|
committer | Roshni Pattath <rpattath@redhat.com> | 2014-04-15 22:01:23 -0400 |
commit | 95a0fe5b755e84f8cabe28928fbaa7a5116708b1 (patch) | |
tree | 9bfa7d9ddc9bbbc422d2c1c36f710463f3ca6bab /tests | |
parent | 19664d23cf0808a25e736b97fb12144b60b84aba (diff) | |
download | pki-95a0fe5b755e84f8cabe28928fbaa7a5116708b1.tar.gz pki-95a0fe5b755e84f8cabe28928fbaa7a5116708b1.tar.xz pki-95a0fe5b755e84f8cabe28928fbaa7a5116708b1.zip |
Created a generic function for generating certs
Created a generic function for generating certs
installation of ntpdate and set the env variable for ntpdate server
Diffstat (limited to 'tests')
6 files changed, 273 insertions, 317 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh index 47c190bef..b020908cb 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh @@ -56,6 +56,8 @@ user1=testuser1 user2=testuser2 user1fullname="Test user1" user2fullname="Test user2" +testname="pki_user_cert_add" + ##### pki_user_cli_user_cert_add_ca-configtest #### rlPhaseStartTest "pki_user_cli_user_cert-add-configtest-001: pki user-cert-add configuration test" rlRun "pki user-cert-add > $TmpDir/pki_user_cert_add_cfg.out" \ @@ -75,7 +77,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-002: Add one cert to a user shou -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$user2fullname\" $user2" - rlRun "generate_cert_cert_add $cert_info $k $user2 \"$user2fullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$user2\" \"$user2fullname\" $user2@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -84,12 +86,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-002: Add one cert to a user shou -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_002.pem" + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_002.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_002.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_002.out" \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_002.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_002.out" \ 0 \ "Cert is added to the user $user2" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_002.out" @@ -103,15 +105,15 @@ rlPhaseEnd ##### Add multiple certs to a user ##### rlPhaseStartTest "pki_user_cli_user_cert-add-CA-003: Add multiple certs to a user should succeed" - i=1 + i=0 k=3 rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$user1fullname\" $user1" - while [ $i -lt 5 ] ; do + while [ $i -lt 4 ] ; do - rlRun "generate_cert_cert_add $cert_info $k $user1$i \"$user1fullname$i\" $i" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$user1$(($i+1))\" \"$user1fullname$(($i+1))\" $user1$(($i+1))@example.org $testname $i" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -121,20 +123,20 @@ rlPhaseEnd -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user1 --input $TmpDir/pki_user_cert_add_CA_validcert_003$i.pem" + user-cert-add $user1 --input $TmpDir/pki_user_cert_add-CA_validcert_003$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user1 --input $TmpDir/pki_user_cert_add_CA_validcert_003$i.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" \ + user-cert-add $user1 --input $TmpDir/pki_user_cert_add-CA_validcert_003$i.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" \ 0 \ "Cert is added to the user $user1" - rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" - rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" + rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" + rlAssertGrep "Cert ID: 2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" rlAssertGrep "Serial Number: $cert_serialNumber" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" - rlAssertGrep "Subject: UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_useraddcert_003_$i.out" let i=$i+1 done rlPhaseEnd @@ -185,24 +187,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-004: Adding expired cert to a us rlAssertGrep "Certificate ID:" "$TmpDir/pki_user_cert_add_CA_certapprovedshow_004.out" local certificate_serial_number=`cat $TmpDir/pki_user_cert_add_CA_certapprovedshow_004.out | grep "Certificate ID:" | awk '{print $3}'` rlLog "Cerificate Serial Number=$certificate_serial_number" - serialhexuser2[$l]=$certificate_serial_number - serialdecuser2[$l]=`printf "%d" $certificate_serial_number` #Verify the certificate is valid rlRun "pki cert-show $certificate_serial_number --encoded > $TmpDir/pki_user_cert_add_CA_certificate_show_004.out" 0 "Executing pki cert-show $certificate_serial_number" rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_add_CA_certificate_show_004.out" rlAssertGrep "Status: VALID" "$TmpDir/pki_user_cert_add_CA_certificate_show_004.out" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add_CA_certificate_show_004.out > $TmpDir/pki_user_cert_add_CA_validcert_004.pem" - local packagename="ntpdate" - rpm -qa | grep $packagename - if [ $? -eq 1 ] ; then - rlLog "$packagename is not installed" - yum -y install ntpdate - else - rlLog "$packagename is installed" - fi currdate=`date` rlLog "$currdate" - rlRun "ntpdate clock.util.phx2.redhat.com" 0 + rlRun "ntpdate $NTPDATE_SERVER" 0 rlRun "date -s '$cert_end_date'" rlRun "date -s 'next day'" @@ -225,7 +217,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-004: Adding expired cert to a us rlRun "date --set='$endDate ago'" nowdate=`date` rlLog "$nowdate" - rlRun "ntpdate clock.util.phx2.redhat.com" + rlRun "ntpdate $NTPDATE_SERVER" rlPhaseEnd @@ -233,7 +225,7 @@ rlPhaseEnd ##### Add revoked cert to a user ##### rlPhaseStartTest "pki_user_cli_user_cert-add-CA-005: Add revoked cert to a user should succeed" k=5 - rlRun "generate_cert_cert_add $cert_info $k revoke_$user2 \"Revoke $user2fullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"revoke_$user2\" \"Revoke $user2fullname\" revoke_$user2@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -242,17 +234,17 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-005: Add revoked cert to a user -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - cert-revoke $cert_serialNumber --force > $TmpDir/pki_user_cert_add_CA_revokecert_005.out" + cert-revoke $cert_serialNumber --force > $TmpDir/pki_user_cert_add-CA_revokecert_005.out" rlLog "Executing pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_005.pem" + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_005.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_005.out" \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_005.out" \ 0 \ "Revoked cert cannot be added to a user" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=revoke_$user2,E=revoke_$user2@example.org,CN=Revoke $user2fullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_005.out" @@ -269,17 +261,17 @@ rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-add-CA-006: Add one cert to a user should fail when USER ID is missing" k=6 - rlRun "generate_cert_cert_add $cert_info $k expired__$user2 \"Expired $user2fullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"expired__$user2\" \"Expired $user2fullname\" expired__$user2@example.org $testname" 0 "Generating temp cert" rlLog "Executing pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add --input $TmpDir/pki_user_cert_add_CA_validcert_006.pem" + user-cert-add --input $TmpDir/pki_user_cert_add-CA_validcert_006.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add --input $TmpDir/pki_user_cert_add_CA_validcert_006.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_006.out 2>&1" \ + user-cert-add --input $TmpDir/pki_user_cert_add-CA_validcert_006.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_006.out 2>&1" \ 1 \ "UserID missing" rlAssertGrep "usage: user-cert-add <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_cert_add_CA_useraddcert_006.out" @@ -333,20 +325,20 @@ rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-add-CA-009: Add one cert to a user should fail when the cert is invalid" k=9 - rlRun "generate_cert_cert_add $cert_info $k invalid_$user2 \"Inavlid $user2fullname\"" 0 "Generating temp cert" - rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_user_cert_add_CA_validcert_009.pem" + rlRun "generate_user_cert $cert_info $k \"invalid_$user2\" \"Inavlid $user2fullname\" invalid_$user2@example.org $testname" 0 "Generating temp cert" + rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_user_cert_add-CA_validcert_009.pem" rlLog "Executing pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_009.pem" + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_009.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_009.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_009.out 2>&1" \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_009.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_009.out 2>&1" \ 1 \ - "Invalid Certificate cnnot be added to a user" + "Invalid Certificate cannot be added to a user" rlAssertGrep "PKIException: Certificate exception" "$TmpDir/pki_user_cert_add_CA_useraddcert_009.out" rlPhaseEnd @@ -373,7 +365,7 @@ rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert" k=11 - rlRun "generate_cert_cert_add $cert_info $k \"Örjan Äke\" \"Örjan Äke\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"Örjan Äke\" \"Örjan Äke\" "test@example.org" $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -383,12 +375,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0011: Add one cert to a user - S -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_0011.pem" + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_0011.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_add_CA_validcert_0011.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0011.out" \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_0011.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0011.out" \ 0 \ "Subject name of the cert has i18n characters" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0011.out" @@ -410,7 +402,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0012: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=Auditors $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -419,12 +411,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0012: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0012.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0012.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0012.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0012.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0012.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0012.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0012.out" @@ -445,7 +437,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0013: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -454,12 +446,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0013: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0013.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0013.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0013.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0013.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0013.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0013.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0013.out" @@ -480,7 +472,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0014: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -489,12 +481,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0014: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0014.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0014.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0014.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0014.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0014.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0014.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0014.out" @@ -515,7 +507,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0015: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -524,12 +516,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0015: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0015.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0015.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0015.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0015.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0015.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0015.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0015.out" @@ -550,7 +542,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0016: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -559,12 +551,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0016: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0016.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0016.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0016.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0016.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0016.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0016.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0016.out" @@ -585,7 +577,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0017: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=ClonedSubsystems $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -594,12 +586,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0017: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0017.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0017.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0017.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0017.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0017.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0017.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0017.out" @@ -620,7 +612,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0018: Add cert to a user of type -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -629,12 +621,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0018: Add cert to a user of type -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0018.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0018.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0018.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0018.out" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0018.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0018.out" \ 0 \ "Cert is added to the user $userid" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0018.out" @@ -664,7 +656,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0019: Add an Admin user "admin_u -t ca \ group-member-add Administrators admin_user > $TmpDir/pki-user-add-ca-group0019.out" - rlRun "generate_cert_cert_add $cert_info $k admin_user \"Admin User\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"admin_user\" \"Admin User\" "admin_user@example.org" $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -673,12 +665,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0019: Add an Admin user "admin_u -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add admin_user --input $TmpDir/pki_user_cert_add_CA_validcert_0019.pem" + user-cert-add admin_user --input $TmpDir/pki_user_cert_add-CA_validcert_0019.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add admin_user --input $TmpDir/pki_user_cert_add_CA_validcert_0019.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0019.out" \ + user-cert-add admin_user --input $TmpDir/pki_user_cert_add-CA_validcert_0019.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0019.out" \ 0 \ "Cert is added to the user admin_user" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0019.out" @@ -717,7 +709,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0020: Add an Agent user agent_us -t ca \ group-member-add \"Certificate Manager Agents\" agent_user > $TmpDir/pki-user-add-ca-group0020.out" k=20 - rlRun "generate_cert_cert_add $cert_info $k agent_user \"Agent User\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"agent_user\" \"Agent User\" "agent_user@example.org" $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -726,12 +718,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0020: Add an Agent user agent_us -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add agent_user --input $TmpDir/pki_user_cert_add_CA_validcert_0020.pem" + user-cert-add agent_user --input $TmpDir/pki_user_cert_add-CA_validcert_0020.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add agent_user --input $TmpDir/pki_user_cert_add_CA_validcert_0020.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0020.out" \ + user-cert-add agent_user --input $TmpDir/pki_user_cert_add-CA_validcert_0020.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0020.out" \ 0 \ "Add cert to agent_user" rlAssertGrep "Added certificate \"2;$decimal_valid_serialNumber_pkcs10;CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=agent_user,E=agent_user@example.org,CN=Agent User,OU=Engineering,O=Example,C=US\"" "$TmpDir/pki_user_cert_add_CA_useraddcert_0020.out" @@ -776,7 +768,7 @@ rlPhaseEnd ##### Adding a cert as an CA_agentV ##### -rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0021: Adding a cert as CA_agentV" +rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0021: Adding a cert as CA_agentV should fail" k=21 local userid="new_user1" local userFullname="New User1" @@ -785,7 +777,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0021: Adding a cert as CA_agentV -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -794,20 +786,21 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0021: Adding a cert as CA_agentV -n CA_agentV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0021.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0021.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_agentV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0021.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0021.out 2>&1" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0021.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0021.out 2>&1" \ 1 \ - "Cert is added to the user $userid" + "Adding cert to a user as CA_agentV" + rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki_user_cert_add_CA_useraddcert_0021.out" rlPhaseEnd ##### Adding a cert as an CA_auditorV ##### -rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0022: Adding a cert as CA_auditorV" +rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0022: Adding a cert as CA_auditorV should fail" k=22 local userid="new_user2" local userFullname="New User2" @@ -816,7 +809,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0022: Adding a cert as CA_audito -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$userFullname\" $userid" - rlRun "generate_cert_cert_add $cert_info $k $userid \"$userFullname\"" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -825,15 +818,55 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0022: Adding a cert as CA_audito -n CA_auditorV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0022.pem" + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0022.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_auditorV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $userid --input $TmpDir/pki_user_cert_add_CA_validcert_0022.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0022.out 2>&1" \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0022.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0022.out 2>&1" \ 1 \ "Cert is added to the user $userid" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki_user_cert_add_CA_useraddcert_0022.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + +rlPhaseEnd + + + ##### Adding a cert as an CA_adminE ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-CA-0023: Adding a cert as CA_adminE should fail" + k=23 + local userid="new_user3" + local userFullname="New User3" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_user_cert $cert_info $k \"$userid\" \"$userFullname\" $userid@example.org $testname" 0 "Generating temp cert" + local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + local decimal_valid_serialNumber_pkcs10=$(echo "ibase=16;$CONV_UPP_VAL_PKCS10"|bc) + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n CA_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0023.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n CA_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0023.pem > $TmpDir/pki_user_cert_add_CA_useraddcert_0023.out 2>&1" \ + 1 \ + "Cert is added to the user $userid" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki_user_cert_add_CA_useraddcert_0023.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd @@ -858,59 +891,4 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" } -generate_cert_cert_add() -{ - - local reqstatus - local requestid - local requestdn - local CERT_INFO="$1" - local file_no="$2" - local user_id="$3" - local userfullname="$4" - local ext=".out" - local cert_ext=".pem" - local num="$5" - if [ "$user_id" = "Örjan Äke" ] ; then - rlRun "create_cert_request $CERTDB_DIR redhat123 pkcs10 rsa 2048 \"Örjan Äke\" \"Örjan Äke\" "test@example.org" "Engineering" "Example" "US" "--" "reqstatus" "requestid" "requestdn"" - else - rlRun "create_cert_request $CERTDB_DIR redhat123 pkcs10 rsa 2048 \"$userfullname\" "$user_id" "$user_id@example.org" "Engineering" "Example" "US" "--" "reqstatus" "requestid" "requestdn"" - fi - - rlRun "pki cert-request-show $requestid > $TmpDir/pki_user_cert_add_CA_certrequestshow_00$file_no$num$ext" 0 "Executing pki cert-request-show $requestid" - rlAssertGrep "Request ID: $requestid" "$TmpDir/pki_user_cert_add_CA_certrequestshow_00$file_no$num$ext" - rlAssertGrep "Type: enrollment" "$TmpDir/pki_user_cert_add_CA_certrequestshow_00$file_no$num$ext" - rlAssertGrep "Status: pending" "$TmpDir/pki_user_cert_add_CA_certrequestshow_00$file_no$num$ext" - rlAssertGrep "Operation Result: success" "$TmpDir/pki_user_cert_add_CA_certrequestshow_00$file_no$num$ext" - - #Agent Approve the certificate after reviewing the cert for the user - rlLog "Executing: pki -d $CERTDB_DIR/ \ - -n CA_agentV \ - -c $CERTDB_DIR_PASSWORD \ - -t ca \ - cert-request-review --action=approve $requestid" - rlRun "pki -d $CERTDB_DIR/ \ - -n CA_agentV \ - -c $CERTDB_DIR_PASSWORD \ - -t ca \ - cert-request-review --action=approve $requestid > $TmpDir/pki_user_cert_add_CA_certapprove_00$file_no$num$ext" \ - 0 \ - "CA agent approve the cert" - rlAssertGrep "Approved certificate request $requestid" "$TmpDir/pki_user_cert_add_CA_certapprove_00$file_no$num$ext" - rlRun "pki cert-request-show $requestid > $TmpDir/pki_user_cert_add_CA_certapprovedshow_00$file_no$num$ext" 0 "Executing pki cert-request-show $requestid" - rlAssertGrep "Request ID: $requestid" "$TmpDir/pki_user_cert_add_CA_certapprovedshow_00$file_no$num$ext" - rlAssertGrep "Type: enrollment" "$TmpDir/pki_user_cert_add_CA_certapprovedshow_00$file_no$num$ext" - rlAssertGrep "Status: complete" "$TmpDir/pki_user_cert_add_CA_certapprovedshow_00$file_no$num$ext" - rlAssertGrep "Certificate ID:" "$TmpDir/pki_user_cert_add_CA_certapprovedshow_00$file_no$num$ext" - local certificate_serial_number=`cat $TmpDir/pki_user_cert_add_CA_certapprovedshow_00$file_no$num$ext | grep "Certificate ID:" | awk '{print $3}'` - rlLog "Cerificate Serial Number=$certificate_serial_number" - #Verify the certificate is valid - rlRun "pki cert-show $certificate_serial_number --encoded > $TmpDir/pki_user_cert_add_CA_certificate_show_00$file_no$num$ext" 0 "Executing pki cert-show $certificate_serial_number" - - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add_CA_certificate_show_00$file_no$num$ext > $TmpDir/pki_user_cert_add_CA_validcert_00$file_no$num$cert_ext" - rlRun "certutil -d $CERTDB_DIR -A -n \"$user_id\" -i $TmpDir/pki_user_cert_add_CA_validcert_00$file_no$num$cert_ext -t "u,u,u"" - echo cert_serialNumber-$certificate_serial_number > $CERT_INFO - echo cert_requestdn-$requestdn >> $CERT_INFO - return 0; -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh index 901475458..132b338d3 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh @@ -58,7 +58,7 @@ user2fullname="Test user2" user3=testuser3 user3fullname="Test user3" cert_info="$TmpDir/cert_info" - +testname="pki_user_cert_find" ##### pki_user_cli_user_cert_find_ca-configtest #### rlPhaseStartTest "pki_user_cli_user_cert-find-configtest-001: pki user-cert-find configuration test" @@ -74,14 +74,13 @@ cert_info="$TmpDir/cert_info" rlPhaseStartTest "pki_user_cli_user_cert-find-CA-002: Find the certs of a user in CA --userid only - single page of certs" i=0 -# l=0 k=2 rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$user1fullname\" $user1" while [ $i -lt 4 ] ; do - rlRun "generate_cert_cert_find $cert_info $k $user1$(($i+1)) \"$user1fullname$(($i+1))\" $i" 0 "Generating temp cert" + rlRun "generate_user_cert $cert_info $k \"$user1$(($i+1))\" \"$user1fullname$(($i+1))\" $user1$(($i+1))@example.org $testname $i" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -92,16 +91,15 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-002: Find the certs of a user i -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user1 --input $TmpDir/pki_user_cert_find_CA_validcert_002$i.pem" + user-cert-add $user1 --input $TmpDir/pki_user_cert_find-CA_validcert_002$i.pem" rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user1 --input $TmpDir/pki_user_cert_find_CA_validcert_002$i.pem > $TmpDir/useraddcert__002_$i.out" \ + user-cert-add $user1 --input $TmpDir/pki_user_cert_find-CA_validcert_002$i.pem > $TmpDir/useraddcert__002_$i.out" \ 0 \ "Cert is added to the user $user1" let i=$i+1 - #let l=$l+1 done rlLog "Executing: pki -d $CERTDB_DIR/ \ -n CA_adminV \ @@ -115,48 +113,43 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-002: Find the certs of a user i user-cert-find $user1 > $TmpDir/pki_user_cert_find_ca_002.out" \ 0 \ "Finding certs assigned to $user1" - #let i=$i-1 numcertsuser1=$i rlAssertGrep "$i entries matched" "$TmpDir/pki_user_cert_find_ca_002.out" rlAssertGrep "Number of entries returned $i" "$TmpDir/pki_user_cert_find_ca_002.out" i=0 - #l=0 while [ $i -lt 4 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser1[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))i@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_002.out" - rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_002.out" - rlAssertGrep "Serial Number: ${serialhexuser1[$i]}" "$TmpDir/pki_user_cert_find_ca_002.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_002.out" - rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_002.out" - let i=$i+1 - #let l=$l+1 - done - rlPhaseEnd + rlAssertGrep "Cert ID: 2;${serialdecuser1[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_002.out" + rlAssertGrep "Serial Number: ${serialhexuser1[$i]}" "$TmpDir/pki_user_cert_find_ca_002.out" + rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_002.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_002.out" + let i=$i+1 + done +rlPhaseEnd rlPhaseStartTest "pki_user_cli_user_cert-find-CA-003: Find the certs of a user in CA --userid only - multiple pages of certs" - i=1 - l=0 + i=0 k=3 rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-add --fullName=\"$user2fullname\" $user2" - while [ $i -lt 25 ] ; do - rlRun "generate_cert_cert_find $cert_info $k $user2$i \"$user2fullname$i\" $i" 0 "Generating temp cert" + while [ $i -lt 24 ] ; do + rlRun "generate_user_cert $cert_info $k \"$user2$(($i+1))\" \"$user2fullname$(($i+1))\" $user2$(($i+1))@example.org $testname $i" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} local decimal_valid_serialNumber_pkcs10=$(echo "ibase=16;$CONV_UPP_VAL_PKCS10"|bc) - serialhexuser2[$l]=$cert_serialNumber - serialdecuser2[$l]=$decimal_valid_serialNumber_pkcs10 + serialhexuser2[$i]=$cert_serialNumber + serialdecuser2[$i]=$decimal_valid_serialNumber_pkcs10 rlRun "pki -d $CERTDB_DIR/ \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user2 --input $TmpDir/pki_user_cert_find_CA_validcert_003$i.pem > $TmpDir/useraddcert__003_$i.out" \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_find-CA_validcert_003$i.pem > $TmpDir/useraddcert__003_$i.out" \ 0 \ "Cert is added to the user $user2" let i=$i+1 - let l=$l+1 done rlLog "Executing: pki -d $CERTDB_DIR/ \ -n CA_adminV \ @@ -170,19 +163,16 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-003: Find the certs of a user i user-cert-find $user2 > $TmpDir/pki_user_cert_find_ca_003.out" \ 0 \ "Finding certs assigned to $user2" - let i=$i-1 numcertsuser2=$i rlAssertGrep "$i entries matched" "$TmpDir/pki_user_cert_find_ca_003.out" - i=1 - l=0 - while [ $i -lt 21 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_003.out" + i=0 + while [ $i -lt 20 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser2[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_003.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_003.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_003.out" + rlAssertGrep "Serial Number: ${serialhexuser2[$i]}" "$TmpDir/pki_user_cert_find_ca_003.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_003.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_003.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_003.out" let i=$i+1 - let l=$l+1 done rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_user_cert_find_ca_003.out" rlPhaseEnd @@ -246,16 +236,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-006: Find the certs of a user i "Finding certs assigned to $user1 - --size=2" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_user_cert_find_ca_006.out" rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_user_cert_find_ca_006.out" - i=1 - l=0 - while [ $i -lt 3 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser1[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_006.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser1[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_006.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_006.out" - rlAssertGrep "Serial Number: ${serialhexuser1[$l]}" "$TmpDir/pki_user_cert_find_ca_006.out" + rlAssertGrep "Serial Number: ${serialhexuser1[$i]}" "$TmpDir/pki_user_cert_find_ca_006.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_006.out" - rlAssertGrep "Subject: UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_006.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_006.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -311,16 +299,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-009: Find the certs of a user i "Finding certs assigned to $user1 - --size=50" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_user_cert_find_ca_009.out" rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_user_cert_find_ca_009.out" - i=1 - l=0 - while [ $i -lt 5 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser1[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" + i=0 + while [ $i -lt 4 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser1[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_009.out" - rlAssertGrep "Serial Number: ${serialhexuser1[$l]}" "$TmpDir/pki_user_cert_find_ca_009.out" + rlAssertGrep "Serial Number: ${serialhexuser1[$i]}" "$TmpDir/pki_user_cert_find_ca_009.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_009.out" - rlAssertGrep "Subject: UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -343,16 +329,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-010: Find the certs of a user i rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_user_cert_find_ca_010.out" let newnumcerts=$numcertsuser1-2 rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_user_cert_find_ca_010.out" - i=3 - l=2 - while [ $i -lt 5 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser1[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_010.out" + i=2 + while [ $i -lt 4 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser1[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_010.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_010.out" - rlAssertGrep "Serial Number: ${serialhexuser1[$l]}" "$TmpDir/pki_user_cert_find_ca_010.out" + rlAssertGrep "Serial Number: ${serialhexuser1[$i]}" "$TmpDir/pki_user_cert_find_ca_010.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_010.out" - rlAssertGrep "Subject: UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_010.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_010.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -372,16 +356,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-011: Find the certs of a user i "Finding certs assigned to $user1 - --start=0" rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_user_cert_find_ca_011.out" rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_user_cert_find_ca_011.out" - i=1 - l=0 - while [ $i -lt 5 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser1[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" + i=0 + while [ $i -lt 4 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser1[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_009.out" - rlAssertGrep "Serial Number: ${serialhexuser1[$l]}" "$TmpDir/pki_user_cert_find_ca_009.out" + rlAssertGrep "Serial Number: ${serialhexuser1[$i]}" "$TmpDir/pki_user_cert_find_ca_009.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_009.out" - rlAssertGrep "Subject: UID=$user1$i,E=$user1$i@example.org,CN=$user1fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_009.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -401,16 +383,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-012: Find the certs of a user i "Finding certs assigned to $user2 - --start=0" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_012.out" rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_user_cert_find_ca_012.out" - i=1 - l=0 - while [ $i -lt 21 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_012.out" + i=0 + while [ $i -lt 20 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser2[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_012.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_012.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_012.out" + rlAssertGrep "Serial Number: ${serialhexuser2[$i]}" "$TmpDir/pki_user_cert_find_ca_012.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_012.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_012.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_012.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -531,16 +511,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-018: Find the certs of a user i rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_018.out" let newnumcert=$numcertsuser2-20 rlAssertGrep "Number of entries returned $newnumcert" "$TmpDir/pki_user_cert_find_ca_018.out" - i=21 - l=20 - while [ $i -lt 25 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_018.out" + i=20 + while [ $i -lt 24 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser2[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_018.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_018.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_018.out" + rlAssertGrep "Serial Number: ${serialhexuser2[$i]}" "$TmpDir/pki_user_cert_find_ca_018.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_018.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_018.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -560,16 +538,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-019: Find the certs of a user i "Finding certs assigned to $user2 - --start=0 --size=22" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_019.out" rlAssertGrep "Number of entries returned 22" "$TmpDir/pki_user_cert_find_ca_019.out" - i=1 - l=0 - while [ $i -lt 23 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_019.out" + i=0 + while [ $i -lt 22 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser2[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_019.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_019.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_019.out" + rlAssertGrep "Serial Number: ${serialhexuser2[$i]}" "$TmpDir/pki_user_cert_find_ca_019.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_019.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_019.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd @@ -589,13 +565,12 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-020: Find the certs of a user i "Finding certs assigned to $user2 - --start=22 --size=1" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_020.out" rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_user_cert_find_ca_020.out" - i=23 - l=22 - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_020.out" + i=22 + rlAssertGrep "Cert ID: 2;${serialdecuser2[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_020.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_020.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_020.out" + rlAssertGrep "Serial Number: ${serialhexuser2[$i]}" "$TmpDir/pki_user_cert_find_ca_020.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_020.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_020.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_020.out" rlPhaseEnd @@ -615,24 +590,22 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-021: Find the certs of a user i "Finding certs assigned to $user2 - --start=22 --size=5" rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_021.out" rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_user_cert_find_ca_021.out" - i=23 - l=22 - while [ $i -lt 25 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_021.out" + i=22 + while [ $i -lt 24 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecuser2[$i]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_021.out" rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_021.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_021.out" + rlAssertGrep "Serial Number: ${serialhexuser2[$i]}" "$TmpDir/pki_user_cert_find_ca_021.out" rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_021.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_021.out" let i=$i+1 - let l=$l+1 done rlPhaseEnd ##### Tests to find certs assigned to CA users - i18n characters #### rlPhaseStartTest "pki_user_cli_user_cert-find-CA-022: Find certs assigned to user \"CN=Örjan Äke,UID=Örjan Äke\" i18n Characters" - k=22 - rlRun "generate_cert_cert_find $cert_info $k \"Örjan Äke\" \"Örjan Äke\"" 0 "Generating temp cert" + k=22 + rlRun "generate_user_cert $cert_info $k \"Örjan Äke\" \"Örjan Äke\" "test@example.org" $testname" 0 "Generating temp cert" local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) local STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2) local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} @@ -641,7 +614,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-022: Find certs assigned to use -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-add $user1 --input $TmpDir/pki_user_cert_find_CA_validcert_0022.pem > $TmpDir/useraddcer0t__003.out" \ + user-cert-add $user1 --input $TmpDir/pki_user_cert_find-CA_validcert_0022.pem > $TmpDir/useraddcert__0022.out" \ 0 \ "Cert is added to the user $user1" rlLog "Executing: pki -d $CERTDB_DIR/ \ @@ -657,7 +630,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-022: Find certs assigned to use 0 \ "Finding certs assigned to $user1" let numcertsuser1=$numcertsuser1+1 - i=5 + i=4 rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_user_cert_find_ca_022.out" rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_user_cert_find_ca_022.out" @@ -669,7 +642,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-022: Find certs assigned to use rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_cert-find-CA-023: Find the certs of a user as CA_agentV" +rlPhaseStartTest "pki_user_cli_user_cert-find-CA-023: Find the certs of a user as CA_agentV should fail" rlLog "Executing: pki -d $CERTDB_DIR/ \ -n CA_agentV \ @@ -680,25 +653,14 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-022: Find certs assigned to use -n CA_agentV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-find $user2 > $TmpDir/pki_user_cert_find_ca_023.out" \ - 0 \ + user-cert-find $user2 > $TmpDir/pki_user_cert_find_ca_023.out 2>&1" \ + 1 \ "Finding certs assigned to $user2 as CA_agentV" - rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_023.out" - rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_user_cert_find_ca_023.out" - i=1 - l=0 - while [ $i -lt 25 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_023.out" - rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_023.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_023.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_023.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_023.out" - let i=$i+1 - let l=$l+1 - done + rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki_user_cert_find_ca_023.out" rlPhaseEnd -rlPhaseStartTest "pki_user_cli_user_cert-find-CA-024: Find the certs of a user as CA_auditorV" + +rlPhaseStartTest "pki_user_cli_user_cert-find-CA-024: Find the certs of a user as CA_auditorV should fail" rlLog "Executing: pki -d $CERTDB_DIR/ \ -n CA_auditorV \ @@ -709,22 +671,32 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-024: Find the certs of a user a -n CA_auditorV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-cert-find $user2 > $TmpDir/pki_user_cert_find_ca_024.out" \ - 0 \ + user-cert-find $user2 > $TmpDir/pki_user_cert_find_ca_024.out 2>&1" \ + 1 \ "Finding certs assigned to $user2 as CA_auditorV" - rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_user_cert_find_ca_024.out" - rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_user_cert_find_ca_024.out" - i=1 - l=0 - while [ $i -lt 25 ] ; do - rlAssertGrep "Cert ID: 2;${serialdecuser2[$l]};CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain;UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_024.out" - rlAssertGrep "Version: 2" "$TmpDir/pki_user_cert_find_ca_024.out" - rlAssertGrep "Serial Number: ${serialhexuser2[$l]}" "$TmpDir/pki_user_cert_find_ca_024.out" - rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$TmpDir/pki_user_cert_find_ca_024.out" - rlAssertGrep "Subject: UID=$user2$i,E=$user2$i@example.org,CN=$user2fullname$i,OU=Engineering,O=Example,C=US" "$TmpDir/pki_user_cert_find_ca_024.out" - let i=$i+1 - let l=$l+1 - done + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki_user_cert_find_ca_024.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +rlPhaseStartTest "pki_user_cli_user_cert-find-CA-025: Find the certs of a user as CA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n CA_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-find $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n CA_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + user-cert-find $user2 > $TmpDir/pki_user_cert_find_ca_025.out 2>&1" \ + 1 \ + "Finding certs assigned to $user2 as CA_adminE" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki_user_cert_find_ca_025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd @@ -747,59 +719,4 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users" } -generate_cert_cert_find() -{ - - local reqstatus - local requestid - local requestdn - local CERT_INFO="$1" - local file_no="$2" - local user_id="$3" - local userfullname="$4" - local ext=".out" - local cert_ext=".pem" - local num="$5" - if [ "$user_id" = "Örjan Äke" ] ; then - rlRun "create_cert_request $CERTDB_DIR redhat123 pkcs10 rsa 2048 \"Örjan Äke\" \"Örjan Äke\" "test@example.org" "Engineering" "Example" "US" "--" "reqstatus" "requestid" "requestdn"" - else - rlRun "create_cert_request $CERTDB_DIR redhat123 pkcs10 rsa 2048 \"$userfullname\" "$user_id" "$user_id@example.org" "Engineering" "Example" "US" "--" "reqstatus" "requestid" "requestdn"" - fi - - rlRun "pki cert-request-show $requestid > $TmpDir/pki_user_cert_find_CA_certrequestshow_00$file_no$num$ext" 0 "Executing pki cert-request-show $requestid" - rlAssertGrep "Request ID: $requestid" "$TmpDir/pki_user_cert_find_CA_certrequestshow_00$file_no$num$ext" - rlAssertGrep "Type: enrollment" "$TmpDir/pki_user_cert_find_CA_certrequestshow_00$file_no$num$ext" - rlAssertGrep "Status: pending" "$TmpDir/pki_user_cert_find_CA_certrequestshow_00$file_no$num$ext" - rlAssertGrep "Operation Result: success" "$TmpDir/pki_user_cert_find_CA_certrequestshow_00$file_no$num$ext" - - #Agent Approve the certificate after reviewing the cert for the user - rlLog "Executing: pki -d $CERTDB_DIR/ \ - -n CA_agentV \ - -c $CERTDB_DIR_PASSWORD \ - -t ca \ - cert-request-review --action=approve $requestid" - rlRun "pki -d $CERTDB_DIR/ \ - -n CA_agentV \ - -c $CERTDB_DIR_PASSWORD \ - -t ca \ - cert-request-review --action=approve $requestid > $TmpDir/pki_user_cert_find_CA_certapprove_00$file_no$num$ext" \ - 0 \ - "CA agent approve the cert" - rlAssertGrep "Approved certificate request $requestid" "$TmpDir/pki_user_cert_find_CA_certapprove_00$file_no$num$ext" - rlRun "pki cert-request-show $requestid > $TmpDir/pki_user_cert_find_CA_certapprovedshow_00$file_no$num$ext" 0 "Executing pki cert-request-show $requestid" - rlAssertGrep "Request ID: $requestid" "$TmpDir/pki_user_cert_find_CA_certapprovedshow_00$file_no$num$ext" - rlAssertGrep "Type: enrollment" "$TmpDir/pki_user_cert_find_CA_certapprovedshow_00$file_no$num$ext" - rlAssertGrep "Status: complete" "$TmpDir/pki_user_cert_find_CA_certapprovedshow_00$file_no$num$ext" - rlAssertGrep "Certificate ID:" "$TmpDir/pki_user_cert_find_CA_certapprovedshow_00$file_no$num$ext" - local certificate_serial_number=`cat $TmpDir/pki_user_cert_find_CA_certapprovedshow_00$file_no$num$ext | grep "Certificate ID:" | awk '{print $3}'` - rlLog "Cerificate Serial Number=$certificate_serial_number" - #Verify the certificate is valid - rlRun "pki cert-show $certificate_serial_number --encoded > $TmpDir/pki_user_cert_find_CA_certificate_show_00$file_no$num$ext" 0 "Executing pki cert-show $certificate_serial_number" - - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_find_CA_certificate_show_00$file_no$num$ext > $TmpDir/pki_user_cert_find_CA_validcert_00$file_no$num$cert_ext" - rlRun "certutil -d $CERTDB_DIR -A -n \"$user_id\" -i $TmpDir/pki_user_cert_find_CA_validcert_00$file_no$num$cert_ext -t "u,u,u"" - echo cert_serialNumber-$certificate_serial_number > $CERT_INFO - echo cert_requestdn-$requestdn >> $CERT_INFO - return 0; -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh index ff367d515..45d3ee35a 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh @@ -71,7 +71,7 @@ run_pki-user-cli-user-mod-ca_tests(){ ##### pki_user_cli_user_mod-configtest #### rlPhaseStartTest "pki_user_cli_user_mod-configtest-001: pki user-mod configuration test" rlRun "pki user-mod > $TmpDir/pki_user_mod_cfg.out" \ - 0 \ + 1 \ "User modification configuration" rlAssertGrep "usage: user-mod <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_mod_cfg.out" rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_mod_cfg.out" diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh index e05b3be5a..86823d504 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh @@ -71,6 +71,7 @@ run_rhcs_install_subsystems() { TPS_SERVER_PACKAGES="pki-tps" RHELRHCS_PACKAGES="nuxwdog symkey mod-nss pki-native-tools redhat-pki-ca-ui redhat-pki-common-ui redhat-pki-console-ui redhat-pki-kra-ui redhat-pki-ocsp-ui redhat-pki-ra-ui redhat-pki-tks-ui redhat-pki-tps-ui" DOGTAG_PACKAGES="pki-tools pki-symkey dogtag-pki dogtag-pki-console-theme dogtag-pki-server-theme" + NTPDATE_PACKAGE="ntpdate" cat /etc/redhat-release | grep "Fedora" @@ -98,6 +99,8 @@ run_rhcs_install_subsystems() { yum -y install $COMMON_SERVER_PACKAGES rlLog "yum -y install $CA_SERVER_PACKAGES" yum -y install $CA_SERVER_PACKAGES + rlLog "yum -y install $NTPDATE_PACKAGE" + yum -y install $NTPDATE_PACKAGE echo "export CA_SERVER_CERT_SUBJECT_NAME= CN=$HOSTNAME,O=redhat" >> /opt/rhqa_pki/env.sh #codecoverage setup CODE_COVERAGE_UPPERCASE=$(echo $CODE_COVERAGE | tr [a-z] [A-Z]) @@ -118,7 +121,7 @@ run_rhcs_install_subsystems() { fi if [ "$FLAVOR" == "Fedora" ] ; then - ALL_PACKAGES="$COMMON_SERVER_PACKAGES $CA_SERVER_PACKAGES" + ALL_PACKAGES="$COMMON_SERVER_PACKAGES $CA_SERVER_PACKAGES $NTPDATE_PACKAGE" for item in $ALL_PACKAGES ; do rpm -qa | grep $item if [ $? -eq 0 ] ; then diff --git a/tests/dogtag/shared/env.sh b/tests/dogtag/shared/env.sh index 6336154da..c5046e697 100644 --- a/tests/dogtag/shared/env.sh +++ b/tests/dogtag/shared/env.sh @@ -61,5 +61,6 @@ TKS_ADMIN_PASSWORD="Secret123" TKS_ADMIN_USER="tksadmin" TKS_BACKUP_PASSWORD=redhat123 TKS_CLIENT_PKCS12_PASSWORD=Secret123 +NTPDATE_SERVER="clock.util.phx2.redhat.com" export LDAP_ROOTDN LDAP_ROOTDNPWD LDAP_BASEDN LDAP_ADMINPW CERTDB_DIR CERTDB_DIR_PASSWORD CA_LDAP_INSTANCE_NAME CA_ADMIN_USER CA_ADMIN_PASSWORD CA_KEY_TYPE CA_KEY_SIZE CA_INSTANCE_ID CA_DB_SUFFIX CA_LDAP_PORT CA_INSTANCE_ROOT CA_CLIENT_PKCS12_PASSWORD CA_SECURITY_DOMAIN_PASSWORD CA_AGENT_SECURE_PORT CA_EE_SECURE_PORT CA_EE_SECURE_CLIENT_AUTH_PORT CA_SECURE_PORT CA_UNSECURE_PORT CA_TOMCAT_SERVER_PORT CA_AGENT_CERT_NICKNAME CA_AGENT_CERT_SUBJECT_NAME CA_SIGNING_CERT_SUBJECT_NAME CA_SUBSYSTEM_CERT_SUBJECT_NAME CA_OCSP_SIGNING_CERT_SUBJECT_NAME CA_AUDIT_SIGNING_CERT_SUBJECT_NAME CA_SUBSYSTEM_NAME CA_AGENT_KEY_SIZE CA_AGENT_KEY_TYPE CA_BACKUP_PASSWORD CA_TOKEN_NAME CA_TOKEN_PASSWORD CA_KEY_ALGORITHM CA_SIGNING_ALGORITHM CA_SIGNING_SIGNING_ALGORITHM CA_OCSP_SIGNING_ALGORITHM CA_BACKUP_FILE_NAME KRA_ADMIN_PASSWORD KRA_BACKUP_PASSWORD KRA_CLIENT_PKCS12_PASSWORD OCSP_ADMIN_PASSWORD OCSP_BACKUP_PASSWORD OCSP_CLIENT_PKCS12_PASSWORD TKS_ADMIN_PASSWORD TKS_BACKUP_PASSWORD TKS_CLIENT_PKCS12_PASSWORD CA_TKS_SIGNING_CERT_SUBJECT_NAME CA_TKS_SIGNING_ALGORITHM diff --git a/tests/dogtag/shared/pki-cert-cli-lib.sh b/tests/dogtag/shared/pki-cert-cli-lib.sh index 29d90d183..b2200ccf7 100755 --- a/tests/dogtag/shared/pki-cert-cli-lib.sh +++ b/tests/dogtag/shared/pki-cert-cli-lib.sh @@ -1,6 +1,7 @@ #!/bin/sh #Include below files . /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/env.sh ######################################################################## # PKI CERT SHARED LIBRARY ####################################################################### @@ -292,7 +293,7 @@ create_new_cert_request() rlRun "set_newjavapath \":./:/usr/lib/java/jss4.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/apache-commons-codec.jar:/usr/share/java/pki/pki-silent.jar:/opt/rhqa_pki/java/generateCRMFRequest.jar:\"" 0 "Setting Java CLASSPATH" rlRun "source /opt/rhqa_pki/env.sh" 0 "Set Environment Variables" rlLog "Execute generateCRMFRequest to generate CRMF Request" - rlRun "java -cp $CLASSPATH generateCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file 1> $dir/crmf.out" 0 "Execute generateCRMFRequest to generate CRMF Request" + rlRun "java -cp $CLASSPATH generateCRMFRequest -client_certdb_dir $dir -client_certdb_pwd $password -debug false -request_subject \"$subject\" -request_keytype $algo -request_keysize $key_size -output_file $cert_request_file 1> $dir/crmf.out" 0 "Execute generateCRMFRequest to generata CRMF Request" fi if [ "$request_type" == "crmf" ] && [ "$archive" == "true" ];then @@ -431,4 +432,60 @@ submit_new_request(){ return 0; } + +generate_user_cert() +{ + local reqstatus + local requestid + local requestdn + local CERT_INFO="$1" + local file_no="$2" + local user_id="$3" + local userfullname="$4" + local ext=".out" + local cert_ext=".pem" + local req_email="$5" + local num="$7" + local file_name="$6" + rlRun "create_cert_request $CERTDB_DIR redhat123 pkcs10 rsa 2048 \"$userfullname\" \"$user_id\" "$req_email" "Engineering" "Example" "US" "--" "reqstatus" "requestid" "requestdn"" + + rlRun "pki cert-request-show $requestid > $TmpDir/$file_name-CA_certrequestshow_00$file_no$num$ext" 0 "Executing pki cert-request-show $requestid" + rlAssertGrep "Request ID: $requestid" "$TmpDir/$file_name-CA_certrequestshow_00$file_no$num$ext" + rlAssertGrep "Type: enrollment" "$TmpDir/$file_name-CA_certrequestshow_00$file_no$num$ext" + rlAssertGrep "Status: pending" "$TmpDir/$file_name-CA_certrequestshow_00$file_no$num$ext" + rlAssertGrep "Operation Result: success" "$TmpDir/$file_name-CA_certrequestshow_00$file_no$num$ext" + + #Agent Approve the certificate after reviewing the cert for the user + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n CA_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + cert-request-review --action=approve $requestid" + rlRun "pki -d $CERTDB_DIR/ \ + -n CA_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -t ca \ + cert-request-review --action=approve $requestid > $TmpDir/$file_name-CA_certapprove_00$file_no$num$ext" \ + 0 \ + "CA agent approve the cert" + rlAssertGrep "Approved certificate request $requestid" "$TmpDir/$file_name-CA_certapprove_00$file_no$num$ext" + rlRun "pki cert-request-show $requestid > $TmpDir/$file_name-CA_certapprovedshow_00$file_no$num$ext" 0 "Executing pki cert-request-show $requestid" + rlAssertGrep "Request ID: $requestid" "$TmpDir/$file_name-CA_certapprovedshow_00$file_no$num$ext" + rlAssertGrep "Type: enrollment" "$TmpDir/$file_name-CA_certapprovedshow_00$file_no$num$ext" + rlAssertGrep "Status: complete" "$TmpDir/$file_name-CA_certapprovedshow_00$file_no$num$ext" + rlAssertGrep "Certificate ID:" "$TmpDir/$file_name-CA_certapprovedshow_00$file_no$num$ext" + local certificate_serial_number=`cat $TmpDir/$file_name-CA_certapprovedshow_00$file_no$num$ext | grep "Certificate ID:" | awk '{print $3}'` + rlLog "Cerificate Serial Number=$certificate_serial_number" + #Verify the certificate is valid + rlRun "pki cert-show $certificate_serial_number --encoded > $TmpDir/$file_name-CA_certificate_show_00$file_no$num$ext" 0 "Executing pki cert-show $certificate_serial_number" + + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/$file_name-CA_certificate_show_00$file_no$num$ext > $TmpDir/$file_name-CA_validcert_00$file_no$num$cert_ext" + rlRun "certutil -d $CERTDB_DIR -A -n \"$user_id\" -i $TmpDir/$file_name-CA_validcert_00$file_no$num$cert_ext -t "u,u,u"" + echo cert_serialNumber-$certificate_serial_number > $CERT_INFO + echo cert_requestdn-$requestdn >> $CERT_INFO + return 0; + +} + + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # |